The main stages of the methodology for justifying measures

Posted: Mon Feb 10, 2025 9:33 am
by rakhirhif8963
From Agile to SecAgile
To develop secure digital platforms, it is recommended to add a number of special methodological techniques to the classic Agile methodology.

The need to take into account security requirements
Today, the best practice of secure software development includes requirements and recommendations: SDL PCI DSS, SDL Microsoft, SDL Cisco, 7.3.5 STO BR IBBS-1.4-2018, etc.

Microsoft SDL Practice
For example, Microsoft's SDL includes the following standard set of measures for secure software development: training, setting security requirements, design, risk analysis of the software architecture (modeling information security threats), static and dynamic analysis of program source code, security testing, release and support.


However, the mentioned practice does not contain measures for independent assessment of the completeness and reliability of the implemented security measures. It should be noted that the requirements of the so-called "Common Criteria" (ISO/IEC 15408), widely used for assessing software against information security requirements, are also functionally limited. For example, they are applied only to software with security functions, and the nomenclature of measures does not contain requirements for static and dynamic analysis, training, etc.

Therefore, to remove the specified restrictions, it is proposed to use the recommendations of national standards:

GOST R 56939 "Information security. Development of secure software. General requirements". Contains a number of general requirements for the implementation of measures for the development of secure software;
GOST R "Information security. Development of secure software. Information security threats during software development". Defines the nomenclature of typical information security threats;
GOST R "Information Security. Development of Secure Software. Software Development Guidelines". Includes a set of practical recommendations for the implementation of measures for developing secure software in accordance with GOST R 56939;
GOST R "Information Security. Development of Secure Software. Conformity Assessment Methodology". Describes a number of standard procedures for verifying the compliance of software development organizations with the requirements of GOST R 56939.