Risks on software development
Answer: The specific risks perceived by an organization regarding its processes (e.g., software development) and provided services (e.g., CRAM software on a SaaS environment) are unique considering its organizational context and objectives, and should be supported by a risk assessment process, but broadly speaking you should consider these references:
- Top Threats to Cloud Computing Plus: Industry Insights https://cloudsecurityalliance.org/download/top-threats-cloud-computing-plus-industry-insights/
- OWASP Top Ten 2017 Project https://www.owasp.org/index.php/Top_10-2017_Top_10
These articles will provide you with further explanation about risk assessment:
- ISO 27001 risk assessment & treatment – 6 basic steps https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
- Catalogue of threats & vulnerabilities https://advisera.com/27001academy/knowledgebase/threats-vulnerabilities/
These materials will also help you regarding risk assessment:
- Book ISO 27001 Risk Management in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- The basics of risk assessment and treatment according to ISO 27001 [free webinar] https://advisera.com/27001academy/webinar/basics-risk-assessment-treatment-according-iso-27001-free-webinar-demand/
May 09, 2018