Expert Advice Community

Control implementation

Guest user  Created: Oct 22, 2019  Last commented: Oct 22, 2019

We have passed stage 1 of ISO 27001; one of the minor findings is that we should have secure system engineering principles, as we develop software.

I checked your ISO 27001 documentation, and there is no Secure System Engineering policy or procedure. Could you provide some guidance on what should be written?


Expert
Rhand Leal Oct 22, 2019

Please note that control A.14.2.5 "Secure system engineering principles" is covered by the Secure Development Policy template, located in folder 08 Annex A Security Controls >> A.14 System Acquisition Development and Maintenance.

These articles will provide further explanation of secure engineering principles and the software development life cycle:
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
- How to integrate ISO 27001 A.14 controls into the system/software development life cycle (SDLC) https://advisera.com/27001academy/how-to-integrate-iso-27001-controls-into-the-system-software-development-life-cycle-sdlc/

These sites can also provide further information:
- https://www.nist.gov/news-events/news/2018/01/update-nist-special-publication-800-160-systems-security-engineering
- https://www.owasp.org/index.php/Security_by_Design_Principles
