
1. Abstract:

Provide a brief summary of the assessment's key findings and recommendations related to OrelIT's information security and secure software engineering practices.

2. Introduction to OrelIT:

• Company Overview:

Introduce OrelIT, its size, location, and primary areas of software development.

• Mission and Values:

Discuss OrelIT's mission statement and core values in relation to its software development activities.

[ 1,2 topics – Chamishka ]

3. Overall Information Security Philosophy (Enterprise Infosec Program):

• Infosec Policy and Culture:

Describe OrelIT's information security policy and its role in shaping the company's culture.

• Compliance and Regulations:

Explain how OrelIT aligns its information security practices with industry regulations and standards.

• Risk Management Approach:

Discuss OrelIT's approach to assessing and managing information security risks across the enterprise.

[ 3 – Lasini ]

4. Implementation of Secure Software Engineering at OrelIT:

• Secure Software Development Lifecycle (SDLC):

Detail OrelIT's SDLC process, emphasizing security integration at each phase.

• Security Tools and Technologies:

Describe the tools and technologies employed by OrelIT to ensure secure software development.

• Training and Awareness Initiatives:

Explain the training programs and awareness initiatives OrelIT has in place to promote secure software engineering practices.

[ 4 – Damitha ]

5. Roles and Responsibilities of Project Teams:

• Security Champions:

Discuss the concept of security champions within project teams and their responsibilities.

• Development Team Roles:

Specify the roles and responsibilities of developers, quality assurance (QA) personnel, and other team members concerning security.

• Security Reviewers and Auditors:

Describe the roles and responsibilities of security reviewers or auditors in OrelIT's software development process.

• Effectiveness Analysis:

Evaluate how well project teams fulfill their roles in ensuring secure software engineering practices.

• Incident Response and Resolution:

Assess how effectively project teams respond to and resolve security incidents or vulnerabilities.

• Recommendations for Role Enhancements:

Provide recommendations for improving the roles and responsibilities of project teams in enhancing security.

[ 5 – Tharidu ]

6. Evaluation of Current Implementation of Secure Software Engineering at OrelIT and Recommendations:

• Security Incidents and Vulnerabilities:

Analyze recent security incidents or vulnerabilities at OrelIT and their impact.

• Security Metrics and KPIs:

Assess the metrics and key performance indicators used to measure the effectiveness of security practices.

• Improvement Strategies:

Offer recommendations for enhancing OrelIT's secure software engineering practices, including training, tooling, and continuous improvement measures.

[ 6 – Thilin ]
