Web Security Life Cycle

Software development life cycles (SDLCs) are created to help guide businesses toward meeting specific desires and needs within their applications. They drive the steps used to meet the best practices and standards that businesses are required to follow to function. SDLCs are made up of various stages, such as assessments, application development, QA testing, and deployments. Best practices and standards dictate that implementing security within the various steps of an SDLC, if not all of the steps, will provide the best results that any business is trying to achieve. An SDLC can come in a few different models, such as the waterfall model, the spiral model and the V-Model. This document will be used to describe and give a brief…
Instructing your users to follow these policies is a must. Vendor access to your data, though, should be limited, as another business should not have access to more than it needs. All connections between the two companies should also be secured.

Employee Web Security Training: Training your users on proper and secure web usage should be required, as you do not want employees randomly browsing and clicking on anything that their heart desires. Training can reduce many different threats that can come from untrained employees, such as social engineering, ignoring business policies and rules, and downloading files and software that could destroy company systems. A best practice would be conducting security training annually, if not quarterly, to meet standards.

Requirements & Regulations that are needed for compliance: It is very important to meet the requirements of the security standards and guidelines that are issued in order to be in compliance. For example, PCI-DSS requires that networks be secure and that credit card data, if saved, be encrypted to meet compliance. Keeping this compliance up not only reduces overall costs and increases overall security, but also reduces the risk of penalties being placed against the business. A best practice would be for the security professionals to be proactive and always be up to date on