General | - Any security breach can be very costly. It may expose the campus to large fines and litigation, and it damages campus reputation and trust.
- Security flaws can be much more costly to fix in production than in the design or implementation phase.
- Changes to the security design late in a project, for example in response to changing requirements, can be very costly to make.
- Security needs to be considered at every stage of the software development lifecycle. (NIST Secure SDLC: http://www.guerilla-ciso.com/wp-content/uploads/2007/06/sdlc.jpg and http://csrc.nist.gov/groups/SMA/sdlc/documents/SDLC_brochure_Aug04.pdf)
- Education and training are vital to any project that uses data regulated by PCI, SB1386, HIPAA, or FERPA.
- Are project stakeholders, end users, project leaders, programmers, system administrators, and database administrators educated on the security requirements, appropriate use, policies, procedures, regulations, and compliance issues?
- Prior to the production release of a HIGH RISK application, additional personnel, such as any department security administrators, Help Desk, Computer Support Coordinators, or Deans, may need to be trained.
|