23 March 2021
Security Assurance Concept for Your Business
In a bylined article in Security Magazine, Dmitry Vyrostkov, Head of Security at DataArt, shares a step-by-step guide to setting up a security assurance process.
«The approaches to building a security process differ from company to company, but the goal of the process is to design and implement software that protects the company’s data and resources, meets security requirements, and is resilient in the face of security vulnerabilities and failures. Many companies call this process “Security Assurance”.»
«Threat modeling and risk assessment. Set up a process by which potential security threats can be identified and enumerated. Once this is done, a project team should understand what the risks are and identify the potential impact of these threats. All these answers could help in planning mitigation controls and reducing the probability of any security breach.»
«Security architecture reviews. Security reviews are designed to discuss mechanisms suggested by the team and analyze whether they address the security requirements previously defined. The team could further work to identify relevant security mechanisms and controls and customize them according to project needs. Examples of such features and controls are public key infrastructure, cryptography and secrets storage, authentication services, access control, and security event logging.»
The original article can be found here.