
Difference between revisions of "Talk:Industry:Project Review/NIST SP 800-37r1 FPD Appendix G"

(Added footnotes section.)
(G.1 MONITORING STRATEGY)
Line 12: Line 12:
 
== G.1  MONITORING STRATEGY ==
 
== G.1  MONITORING STRATEGY ==
  
 
+
The draft appears to see security requirements as separate from functional requirements.  However, the "build security in" philosophy would include security requirements in the analysis, desgin, and testing stages of the SDLC.  Therefore, security requirements should also be incorporated into the regression testing performed when any changes are verified and validated.
  
 
== G.2  SELECTION OF SECURITY CONTROLS FOR MONITORING ==
 
== G.2  SELECTION OF SECURITY CONTROLS FOR MONITORING ==
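Review bot: the paragraph added under G.1 has a typo, "desgin" should read "design". It would also strengthen the comment to quote or cite the specific G.1 passage of the draft it is responding to, since the claim that the draft treats security requirements as separate from functional requirements is asserted without pointing to the text.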

Revision as of 20:06, 19 December 2009

APPENDIX G

CONTINUOUS MONITORING

MANAGING AND TRACKING THE SECURITY STATE OF INFORMATION SYSTEMS


G.1 MONITORING STRATEGY

The draft appears to see security requirements as separate from functional requirements. However, the "build security in" philosophy would include security requirements in the analysis, design, and testing stages of the SDLC. Therefore, security requirements should also be incorporated into the regression testing performed when any changes are verified and validated.

G.2 SELECTION OF SECURITY CONTROLS FOR MONITORING

G.3 CRITICAL DOCUMENT UPDATES AND STATUS REPORTING

Footnotes