Guest
Justification for SoA
I am trying to fill in the SoA as indicated in the video tutorial. The tutorial mentions Requirement (law, contractual requirement, etc.) and Risk. For A.14.2.1, I covered the potential problems (CIA) for existing technology (known) in the Risk Assessment. However, secure development is a mandatory policy, and I am not sure how to include the potential problems of the introduction of a new technology (unknown) in the RA. Should I also mention “Best practice”?
Expert
Rhand Leal
Dec 20, 2016
Answer: Considering the information systems life cycle, the introduction of new technologies in an already existing environment is part of the maintenance step, so to justify the adoption of security practices to minimize risks like poor systems compatibility (new systems working together with old ones) and lack of portability (migration of functionalities from old platform/solutions to new ones) issues, you could use as justification "process requirement".