security engineers Security engineering within the software development life cycle comprises security-focused design, software development, coding, and configuration, some or all of which may be relevant for a given information system.
System development teams performing security engineering activities may choose to follow applicable guidance from NIST or other government sources, industry standards and practices, internal agency procedures, or methods recommended by vendors, contractors, or other third-party sources. Potentially relevant sources
These sources provide general guidance on secure systems engineering and recommended practices for software assurance; the decision to use any particular source within an agency depends on applicable organizational policy, requirements, or constraints for system development projects. Special Publication 800-27 presents a set of 33 security engineering principles organizations should consider in the design, development, and operation of their information systems.
System development teams performing security engineering activities may choose to follow applicable guidance from NIST or other government sources, industry standards and practices, internal agency procedures, or methods recommended by vendors, contractors, or other third-party sources. Potentially relevant sources
These sources provide general guidance on secure systems engineering and recommended practices for software assurance; the decision to use any particular source within an agency depends on applicable organizational policy, requirements, or constraints for system development projects. Special Publication 800-27 presents a set of 33 security engineering principles organizations should consider in the design, development, and operation of their information systems.
No comments:
Post a Comment