Professional Documents
Culture Documents
Abstract:
Provide a brief summary of the assessment's key findings and recommendations related to OrelIT's
information security and secure software engineering practices.
2. Introduction to OrelIT:
Company Overview:
Introduce OrelIT, its size, location, and primary areas of software development.
Discuss OrelIT's mission statement and core values in relation to its software development
activities.
Describe OrelIT's information security policy and its role in shaping the company's
culture.
Explain how OrelIT aligns its information security practices with industry regulations and
standards.
Discuss OrelIT's approach to assessing and managing information security risks across the
enterprise.
[ 3 – Lasini ]
Describe the tools and technologies employed by OrelIT to ensure secure software
development.
Explain the training programs and awareness initiatives OrelIT has in place to promote
secure software engineering practices.
[ 4 – Damitha ]
Security Champions:
Discuss the concept of security champions within project teams and their
responsibilities.
Specify the roles and responsibilities of developers, quality assurance (QA) personnel, and
other team members concerning security.
Describe the roles and responsibilities of security reviewers or auditors in OrelIT's software
development process.
Effectiveness Analysis:
Evaluate how well project teams fulfill their roles in ensuring secure software engineering
practices.
Assess how effectively project teams respond to and resolve security incidents or
vulnerabilities.
Provide recommendations for improving the roles and responsibilities of project teams in
enhancing security.
[ 5 – Tharidu ]
6. Evaluation of Current Implementation of Secure Software Engineering at OrelIT and
Recommendations:
Assess the metrics and key performance indicators used to measure the effectiveness of
security practices.
Improvement Strategies:
[ 6 – Thilin ]