Secure development policy
Greetings. We would like to consult regarding the document "A.14_Politica_de_desarrollo_seguro_27001_ES". For point "3.3 Principles of secure engineering", we need to know whether these principles should be detailed in this policy and, if so, which principles should be included. Alternatively, could you provide some documentation or an example to complement this point?
You can either document the principles you have in your organization in this section of the policy or refer to other documents where they are explained. Examples of principles are:
- security must be considered in business, data, application, and technological layers
- security must balance protection and accessibility needs
- adoption of user authentication techniques
- secure session control
- data validation
- guidance on secure programming techniques.
For further information, see:
- What are secure engineering principles in ISO 27001:2013 control A.14.2.5? https://advisera.com/27001academy/blog/2015/08/31/what-are-secure-engineering-principles-in-iso-270012013-control-a-14-2-5/
May 11, 2023