Security risk considerations in acquisitions, strategy, and practice

Information systems include various components, such as operating systems and application software, which may be off-the-shelf products or custom developed applications, database management systems, infrastructure, and so on. During development and/or implementation, security risks should be considered based on security requirements. Some such requirements are listed here:

• Security requirements analysis and specifications
• Security risks in the processing of data
• Need for cryptographic controls
• Risks in system operations
• Risks in development and support processes
• Technical vulnerability management
• Risks in outsourced software development

Note

Note that detailed information and best practices are provided in various chapters throughout this book.