Uploaded byshumailach472
PDF, PPTX30 views

Program Security in information security.pdf

The document discusses program security as a set of practices to protect computer programs from unauthorized access and vulnerabilities, essential due to increasing cyber threats. It highlights recent security breaches and incidents, outlines goals and secure programming practices, and emphasizes the importance of threat modeling and security testing in the software development lifecycle. Additionally, it addresses security standards that organizations must adhere to for effective information security management.

Embed presentation

Download as PDF, PPTX
Program Security By Prof. Muhammad Iqbal Bhat Government Degree College Beerwah P r o f . M . I q b a l B h a t ( J K H E D )
Topics DEFINITION OF PROGRAM SECURITY GOALS OF PROGRAM SECURITY EXAMPLES OF PROGRAM SECURITY BREACHES OVERVIEW OF SECURE PROGRAMMING PRACTICES P r o f . M . I q b a l B h a t ( J K H E D )
Recent Attacks: Incident Description Date Impact SolarWinds supply chain attack Hackers compromised SolarWinds' software supply chain to distribute malware that gave them access to hundreds of organizations' networks, including government agencies and Fortune 500 companies. December 2020 Impact still being assessed, but potentially significant compromise of confidential data, potential for espionage, and reputational damage for affected organizations. Colonial Pipeline ransomware attack A ransomware attack shut down Colonial Pipeline's computer systems, causing disruptions in the fuel supply chain on the East Coast of the United States. May 2021 Colonial Pipeline paid $4.4 millionin ransom to the attackers. Short- term fuel shortages, long-term damage to the company's reputation, and potential financial losses. Microsoft Exchange Server vulnerabilities Several zero-day vulnerabilities were discovered in Microsoft Exchange Server, which allowed hackers to steal sensitive data from organizations' email servers. March 2021 Impact still being assessed, but potentially significant compromise of confidential data, potential for espionage, and reputational damage for affected organizations. Twitter hack Hackers gained access to Twitter's internal systems and hijacked high- profile accounts, including those of Barack Obama and Elon Musk, to promote a bitcoin scam. July 2020 Damage to the reputation of affected individuals and potential financial losses for those who fell victim to the scam. Equifax data breach Hackers accessed Equifax's database and stole personal and financial information of 143 millionconsumers. May-July 2017 Equifax agreed to pay $700 million to settle claims related to the breach. Significant financial losses and reputational damage for Equifax and potential financial losses for affected consumers. P r o f . M . I q b a l B h a t ( J K H E D )
Program Security: Program security is a set of practices, processes, and technologies used to protect computer programs from unauthorized access, modification, or destruction. Programs can include any software, from standalone applications to complex systems and networks. Program security is a subset of information security, which refers to the protection of all types of information assets, including data, software, hardware, and people. Program security involves both proactive measures, such as implementing security controls, and reactive measures, such as detecting and responding to security incidents. Program security is essential in today's digital world due to the growing number and sophistication of cyber threats, which can lead to financial loss, reputation damage, and legal liability for organizations. Program security is a multifaceted discipline that encompasses a range of technical and non- technical areas, including cryptography, access control, risk management, incident response, and security awareness training. Program security is often integrated into the software development lifecycle, with security requirements and testing being incorporated throughout the process. Program security is not a one-time effort but an ongoing process, as new threats and vulnerabilities emerge and existing ones evolve over time. Program security requires a holistic approach that considers not only technical factors but also organizational culture, policies, and governance structures. P r o f . M . I q b a l B h a t ( J K H E D )
Goals of Program Security: Confidentiality: ensuring that information is kept confidential and is not disclosed to unauthorized parties. Integrity: ensuring that information is accurate and has not been tampered with. Availability: ensuring that information and services are available when needed. Non-repudiation: ensuring that the actions of a user or system cannot be denied or disputed. Authentication: verifying the identity of a user or system. Authorization: granting or denying access to resources based on a user's identity and permissions. Accountability: ensuring that users are held responsible for their actions. P r o f . M . I q b a l B h a t ( J K H E D )
Secure programming practices Secure programming practices are techniques used to develop software that is resistant to security threats and vulnerabilities. Secure programming practices should be applied throughout the software development lifecycle, including design, coding, testing, and deployment. Secure programming practices are intended to prevent or mitigate various types of security vulnerabilities, such as buffer overflows, SQL injection, cross-site scripting (XSS), and race conditions. Some common secure programming practices include input validation, output encoding, proper error handling, authentication and access control, encryption and decryption, and secure coding standards. Input validation involves checking and sanitizing user input to ensure it meets certain criteria, such as type, length, and format. Output encoding involves encoding output to prevent injection attacks, such as XSS attacks, which exploit vulnerabilities in web applications that allow user input to be included in web pages without proper encoding. P r o f . M . I q b a l B h a t ( J K H E D )
Continue… Proper error handling involves handling errors in a way that does not expose sensitive information or provide information that could be used to exploit the system. Authentication and access control involves verifying the identity of users and restricting access to resources based on their permissions and privileges. Encryption and decryption involve protecting data by converting it into a code that cannot be easily read or understood without a decryption key. Secure coding standards are guidelines or best practices for writing secure code that are often enforced through code reviews or automated tools. Secure programming practices are constantly evolving as new threats and vulnerabilities emerge, so it is important for developers to stay up-to-date on the latest techniques and tools for secure programming. Secure programming practices are increasingly important in the age of cloud computing, mobile computing, and Internet of Things (IoT) devices, where software systems are more interconnected and exposed to a wider range of security threats and vulnerabilities. P r o f . M . I q b a l B h a t ( J K H E D )
Threat Modeling: Threat modeling is a process used to identify and prioritize potential threats and vulnerabilities in a software system or application. The goal of threat modeling is to provide a structured approach to security risk assessment and help developers and security analysts identify and address security issues before they are exploited by attackers. Threat modeling can be done at various stages of the software development lifecycle, from design to deployment, and can be applied to both new and existing software systems. Threat modeling can also be automated using tools such as Microsoft Threat Modeling Tool, IriusRisk, and ThreatModeler. Threat modeling is an important part of a comprehensive security program, but it is not a substitute for other security measures, such as access controls, encryption, and monitoring. P r o f . M . I q b a l B h a t ( J K H E D )
Threat Modeling Process: Identify the system components and boundaries: This involves identifying the various components of the system and defining the boundaries of the system, including inputs and outputs. Create a data flow diagram: This involves mapping out the flow of data through the system, including how data enters, moves through, and exits the system. Identify threats and vulnerabilities: This involves identifying potential threats and vulnerabilities at each stage of the data flow, including input validation, authentication and access control, encryption, and error handling. Prioritize and evaluate threats: This involves prioritizing the identified threats based on the potential impact and likelihood of occurrence and evaluating the effectiveness of existing security controls in mitigating these threats. Mitigate the most critical threats: This involves implementing appropriate security measures to address the most critical threats identified during the threat modeling process. P r o f . M . I q b a l B h a t ( J K H E D )
Security Testing: Security testing is a process used to evaluate the security posture of a software system or application by simulating various types of attacks and vulnerabilities. The goal of security testing is to identify and address security vulnerabilities before they are exploited by attackers and to ensure that the software system or application meets the security requirements and standards. Security testing can be done at various stages of the software development lifecycle, from design to deployment, and can be applied to both new and existing software systems. Security testing can be done using various techniques and tools, such as penetration testing, vulnerability scanning, code review, and fuzz testing. Penetration testing involves simulating attacks on a software system or application to identify vulnerabilities and assess the effectiveness of existing security controls. Vulnerability scanning involves using automated tools to scan a software system or application for known vulnerabilities and misconfigurations. Code review involves reviewing the source code of a software system or application to identify potential security vulnerabilities and weaknesses P r o f . M . I q b a l B h a t ( J K H E D )
Security Standards: Security standards and guidelines are sets of rules, requirements, and best practices that define the minimum security requirements for a software system or application. Security standards and guidelines are developed by various organizations and bodies, such as government agencies, industry associations, and standards organizations. Security standards and guidelines provide a framework for ensuring the confidentiality, integrity, and availability of information and data within a software system or application. Security standards and guidelines can cover various aspects of security, such as access controls, cryptography, network security, and software security. Compliance with security standards and guidelines is often required by law or regulation, or by contractual obligations with customers or partners. Adherence to security standards and guidelines can help organizations avoid security incidents and data breaches, reduce legal and financial risks, and improve customer trust and confidence. Security standards and guidelines should be integrated into the software development lifecycle to ensure that security is built into the software system or application from the beginning. P r o f . M . I q b a l B h a t ( J K H E D )
Examples of Security Standards: ISO/IEC 27001: This is an international standard that defines the requirements for an information security management system (ISMS). NIST Cybersecurity Framework: This is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines for improving cybersecurity risk management. PCI DSS: This is a set of security standards developed by the Payment Card Industry Security Standards Council to ensure the security of credit card transactions. OWASP Top Ten: This is a list of the top ten most critical web application security risks developed by the Open Web Application Security Project (OWASP). P r o f . M . I q b a l B h a t ( J K H E D )

More Related Content

PPTX
Software Security.Software Security.Software Security.Software Security.
bySuhail Qadir Mir
 
PPTX
chap-1 : Vulnerabilities in Information Systems
byKashfUlHuda1
 
PDF
OWASP Secure Coding Quick Reference Guide
byAryan G
 
PPTX
Best Practices for Embedding Security in the Development Stage
byCovrize IT Solutions Private Limited
 
PPTX
Code Review Cybersecurity: Comprehensive Guide to Secure Code Evaluation & B...
byhamdi71
 
PDF
An Introduction to Secure Application Development
byChristopher Frenz
 
PPTX
Information security software security presentation.pptx
bysalutiontechnology
 
PPTX
Built-in Security Mindfulness for Software Developers
byPhú Phùng
 
Software Security.Software Security.Software Security.Software Security.
bySuhail Qadir Mir
 
chap-1 : Vulnerabilities in Information Systems
byKashfUlHuda1
 
OWASP Secure Coding Quick Reference Guide
byAryan G
 
Best Practices for Embedding Security in the Development Stage
byCovrize IT Solutions Private Limited
 
Code Review Cybersecurity: Comprehensive Guide to Secure Code Evaluation & B...
byhamdi71
 
An Introduction to Secure Application Development
byChristopher Frenz
 
Information security software security presentation.pptx
bysalutiontechnology
 
Built-in Security Mindfulness for Software Developers
byPhú Phùng
 

Similar to Program Security in information security.pdf

PPTX
Information-security and best pracrices tools for the enhanced security of s...
bySamyaGufoor
 
PDF
Secure Software Design and Secure Programming
byMustafaAlshekly1
 
PDF
OWASP Secure Coding Practices - Quick Reference Guide
byLudovic Petit
 
PDF
Secure Coding Practices Every Developer Should Know.pdf
byZohaib Rizwan
 
PPT
Software Security in the Real World
byMark Curphey
 
PPT
Software Security Engineering
byMarco Morana
 
PDF
Secure Software Development: Best practice and strategies.pdf
byNexflare Dynamics
 
PDF
The Principles of Secure Development - BSides Las Vegas 2009
bySecurity Ninja
 
PPT
csce201 - software - sec Basic Security.ppt
bygealehegn
 
PPT
software-security-intro in information security.ppt
byismaeelsahib032
 
PPT
software-security-intro Secure software Design and Development
bysahar62648
 
PPT
Software security engineering
byAHM Pervej Kabir
 
PPT
Software security engineering
byAHM Pervej Kabir
 
PPT
software-security-intro-220901084730-8ed673b9.ppt
byAssadLeo1
 
PDF
The Future of Software Security Assurance
byRafal Los
 
PPT
Software Security topic in Information security .ppt
byismaeelsahib032
 
PDF
Importance of Secure Coding with it’s Best Practices
byElanusTechnologies
 
PPT
Software Security Testing
byankitmehta21
 
PPTX
Presentación Diapositivas Propuesta Proyecto Marketing Profesional Corporativ...
byjuan60m3zz
 
PPT
Chapter 2- Software Security FULL SLIDES.ppt
byLina Shimelis
 
Information-security and best pracrices tools for the enhanced security of s...
bySamyaGufoor
 
Secure Software Design and Secure Programming
byMustafaAlshekly1
 
OWASP Secure Coding Practices - Quick Reference Guide
byLudovic Petit
 
Secure Coding Practices Every Developer Should Know.pdf
byZohaib Rizwan
 
Software Security in the Real World
byMark Curphey
 
Software Security Engineering
byMarco Morana
 
Secure Software Development: Best practice and strategies.pdf
byNexflare Dynamics
 
The Principles of Secure Development - BSides Las Vegas 2009
bySecurity Ninja
 
csce201 - software - sec Basic Security.ppt
bygealehegn
 
software-security-intro in information security.ppt
byismaeelsahib032
 
software-security-intro Secure software Design and Development
bysahar62648
 
Software security engineering
byAHM Pervej Kabir
 
Software security engineering
byAHM Pervej Kabir
 
software-security-intro-220901084730-8ed673b9.ppt
byAssadLeo1
 
The Future of Software Security Assurance
byRafal Los
 
Software Security topic in Information security .ppt
byismaeelsahib032
 
Importance of Secure Coding with it’s Best Practices
byElanusTechnologies
 
Software Security Testing
byankitmehta21
 
Presentación Diapositivas Propuesta Proyecto Marketing Profesional Corporativ...
byjuan60m3zz
 
Chapter 2- Software Security FULL SLIDES.ppt
byLina Shimelis
 

Recently uploaded

PPTX
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 
PDF
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
PDF
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
PDF
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
PDF
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
PDF
Accelerating Data Validation with QuerySurge AI
byRTTS
 
PDF
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
PDF
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
PDF
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
PDF
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
PDF
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
PPTX
iufdh gugh w4i rvhdio tj43ko jdi90ft kj32whidglt
byjeromeschool1976
 
PDF
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
PPTX
Marketo API Deep Dive From Basics to AI-Ready Foundations - January 2026.pptx
bybbedford2
 
PDF
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
PDF
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
DOCX
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
PDF
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
PDF
V3Cube Innovating Digital Business Solutions
byV3CUBE TECHNOLABS
 
PPTX
Java Spring Boot Development Services in USA
bydavidjohansen1597
 
Windows File System Monitoring Tool Using C and C++
byAkshay Muley
 
LogiNext Media Kit & Company Overview 2025
byswatishahz9031
 
LogiNext Media Kit & Company Overview 2025
bysanikaroy72
 
LogiNext Media Kit & Company Overview 2025
bypriyajoshi2929
 
LogiNext Media Kit & Company Overview 2025
bynidhisharmaq7184
 
Accelerating Data Validation with QuerySurge AI
byRTTS
 
LogiNext Media Kit & Company Overview 2025
bydhrutipatelk5617
 
Smart ways to se AI in your business , presentation
byAI n Dot Net
 
Pet Care Service App Development Company
byV3CUBE TECHNOLABS
 
GDG ON CAMPUS NETAJI SUBHASH ENGINEERING COLLEGE BUILDING INTELLIGENT WEB APP...
bydscnsecorg
 
ChampionMATES – Compete With Friends. Predict Sports. Become the Champion.
byRafal Ksiazek
 
iufdh gugh w4i rvhdio tj43ko jdi90ft kj32whidglt
byjeromeschool1976
 
Water Delivery App Development Solutions.pdf
byeSiteWorld TechnoLabs Pvt. Ltd.
 
Marketo API Deep Dive From Basics to AI-Ready Foundations - January 2026.pptx
bybbedford2
 
Physiotherapist App Development for Modern Rehabilitation
byV3CUBE TECHNOLABS
 
How to find your event photos instantly with a selfie using SnapSeek
bySnapSeek.app
 
The Rise of Headless CMS in Modern Web Development.docx
bywork4noahmiller
 
Introducing MySQL HeatWave Migration Assistant
byAlexander Hitrov
 
V3Cube Innovating Digital Business Solutions
byV3CUBE TECHNOLABS
 
Java Spring Boot Development Services in USA
bydavidjohansen1597
 

Program Security in information security.pdf

  • 1.
    Program Security By Prof. Muhammad IqbalBhat Government Degree College Beerwah P r o f . M . I q b a l B h a t ( J K H E D )
  • 2.
    Topics DEFINITION OF PROGRAM SECURITY GOALSOF PROGRAM SECURITY EXAMPLES OF PROGRAM SECURITY BREACHES OVERVIEW OF SECURE PROGRAMMING PRACTICES P r o f . M . I q b a l B h a t ( J K H E D )
  • 3.
    Recent Attacks: Incident DescriptionDate Impact SolarWinds supply chain attack Hackers compromised SolarWinds' software supply chain to distribute malware that gave them access to hundreds of organizations' networks, including government agencies and Fortune 500 companies. December 2020 Impact still being assessed, but potentially significant compromise of confidential data, potential for espionage, and reputational damage for affected organizations. Colonial Pipeline ransomware attack A ransomware attack shut down Colonial Pipeline's computer systems, causing disruptions in the fuel supply chain on the East Coast of the United States. May 2021 Colonial Pipeline paid $4.4 millionin ransom to the attackers. Short- term fuel shortages, long-term damage to the company's reputation, and potential financial losses. Microsoft Exchange Server vulnerabilities Several zero-day vulnerabilities were discovered in Microsoft Exchange Server, which allowed hackers to steal sensitive data from organizations' email servers. March 2021 Impact still being assessed, but potentially significant compromise of confidential data, potential for espionage, and reputational damage for affected organizations. Twitter hack Hackers gained access to Twitter's internal systems and hijacked high- profile accounts, including those of Barack Obama and Elon Musk, to promote a bitcoin scam. July 2020 Damage to the reputation of affected individuals and potential financial losses for those who fell victim to the scam. Equifax data breach Hackers accessed Equifax's database and stole personal and financial information of 143 millionconsumers. May-July 2017 Equifax agreed to pay $700 million to settle claims related to the breach. Significant financial losses and reputational damage for Equifax and potential financial losses for affected consumers. P r o f . M . I q b a l B h a t ( J K H E D )
  • 4.
    Program Security: Program securityis a set of practices, processes, and technologies used to protect computer programs from unauthorized access, modification, or destruction. Programs can include any software, from standalone applications to complex systems and networks. Program security is a subset of information security, which refers to the protection of all types of information assets, including data, software, hardware, and people. Program security involves both proactive measures, such as implementing security controls, and reactive measures, such as detecting and responding to security incidents. Program security is essential in today's digital world due to the growing number and sophistication of cyber threats, which can lead to financial loss, reputation damage, and legal liability for organizations. Program security is a multifaceted discipline that encompasses a range of technical and non- technical areas, including cryptography, access control, risk management, incident response, and security awareness training. Program security is often integrated into the software development lifecycle, with security requirements and testing being incorporated throughout the process. Program security is not a one-time effort but an ongoing process, as new threats and vulnerabilities emerge and existing ones evolve over time. Program security requires a holistic approach that considers not only technical factors but also organizational culture, policies, and governance structures. P r o f . M . I q b a l B h a t ( J K H E D )
  • 5.
    Goals of ProgramSecurity: Confidentiality: ensuring that information is kept confidential and is not disclosed to unauthorized parties. Integrity: ensuring that information is accurate and has not been tampered with. Availability: ensuring that information and services are available when needed. Non-repudiation: ensuring that the actions of a user or system cannot be denied or disputed. Authentication: verifying the identity of a user or system. Authorization: granting or denying access to resources based on a user's identity and permissions. Accountability: ensuring that users are held responsible for their actions. P r o f . M . I q b a l B h a t ( J K H E D )
  • 6.
    Secure programming practices Secureprogramming practices are techniques used to develop software that is resistant to security threats and vulnerabilities. Secure programming practices should be applied throughout the software development lifecycle, including design, coding, testing, and deployment. Secure programming practices are intended to prevent or mitigate various types of security vulnerabilities, such as buffer overflows, SQL injection, cross-site scripting (XSS), and race conditions. Some common secure programming practices include input validation, output encoding, proper error handling, authentication and access control, encryption and decryption, and secure coding standards. Input validation involves checking and sanitizing user input to ensure it meets certain criteria, such as type, length, and format. Output encoding involves encoding output to prevent injection attacks, such as XSS attacks, which exploit vulnerabilities in web applications that allow user input to be included in web pages without proper encoding. P r o f . M . I q b a l B h a t ( J K H E D )
  • 7.
    Continue… Proper error handlinginvolves handling errors in a way that does not expose sensitive information or provide information that could be used to exploit the system. Authentication and access control involves verifying the identity of users and restricting access to resources based on their permissions and privileges. Encryption and decryption involve protecting data by converting it into a code that cannot be easily read or understood without a decryption key. Secure coding standards are guidelines or best practices for writing secure code that are often enforced through code reviews or automated tools. Secure programming practices are constantly evolving as new threats and vulnerabilities emerge, so it is important for developers to stay up-to-date on the latest techniques and tools for secure programming. Secure programming practices are increasingly important in the age of cloud computing, mobile computing, and Internet of Things (IoT) devices, where software systems are more interconnected and exposed to a wider range of security threats and vulnerabilities. P r o f . M . I q b a l B h a t ( J K H E D )
  • 8.
    Threat Modeling: Threat modelingis a process used to identify and prioritize potential threats and vulnerabilities in a software system or application. The goal of threat modeling is to provide a structured approach to security risk assessment and help developers and security analysts identify and address security issues before they are exploited by attackers. Threat modeling can be done at various stages of the software development lifecycle, from design to deployment, and can be applied to both new and existing software systems. Threat modeling can also be automated using tools such as Microsoft Threat Modeling Tool, IriusRisk, and ThreatModeler. Threat modeling is an important part of a comprehensive security program, but it is not a substitute for other security measures, such as access controls, encryption, and monitoring. P r o f . M . I q b a l B h a t ( J K H E D )
  • 9.
    Threat Modeling Process: Identifythe system components and boundaries: This involves identifying the various components of the system and defining the boundaries of the system, including inputs and outputs. Create a data flow diagram: This involves mapping out the flow of data through the system, including how data enters, moves through, and exits the system. Identify threats and vulnerabilities: This involves identifying potential threats and vulnerabilities at each stage of the data flow, including input validation, authentication and access control, encryption, and error handling. Prioritize and evaluate threats: This involves prioritizing the identified threats based on the potential impact and likelihood of occurrence and evaluating the effectiveness of existing security controls in mitigating these threats. Mitigate the most critical threats: This involves implementing appropriate security measures to address the most critical threats identified during the threat modeling process. P r o f . M . I q b a l B h a t ( J K H E D )
  • 10.
    Security Testing: Security testingis a process used to evaluate the security posture of a software system or application by simulating various types of attacks and vulnerabilities. The goal of security testing is to identify and address security vulnerabilities before they are exploited by attackers and to ensure that the software system or application meets the security requirements and standards. Security testing can be done at various stages of the software development lifecycle, from design to deployment, and can be applied to both new and existing software systems. Security testing can be done using various techniques and tools, such as penetration testing, vulnerability scanning, code review, and fuzz testing. Penetration testing involves simulating attacks on a software system or application to identify vulnerabilities and assess the effectiveness of existing security controls. Vulnerability scanning involves using automated tools to scan a software system or application for known vulnerabilities and misconfigurations. Code review involves reviewing the source code of a software system or application to identify potential security vulnerabilities and weaknesses P r o f . M . I q b a l B h a t ( J K H E D )
  • 11.
    Security Standards: Security standardsand guidelines are sets of rules, requirements, and best practices that define the minimum security requirements for a software system or application. Security standards and guidelines are developed by various organizations and bodies, such as government agencies, industry associations, and standards organizations. Security standards and guidelines provide a framework for ensuring the confidentiality, integrity, and availability of information and data within a software system or application. Security standards and guidelines can cover various aspects of security, such as access controls, cryptography, network security, and software security. Compliance with security standards and guidelines is often required by law or regulation, or by contractual obligations with customers or partners. Adherence to security standards and guidelines can help organizations avoid security incidents and data breaches, reduce legal and financial risks, and improve customer trust and confidence. Security standards and guidelines should be integrated into the software development lifecycle to ensure that security is built into the software system or application from the beginning. P r o f . M . I q b a l B h a t ( J K H E D )
  • 12.
    Examples of SecurityStandards: ISO/IEC 27001: This is an international standard that defines the requirements for an information security management system (ISMS). NIST Cybersecurity Framework: This is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines for improving cybersecurity risk management. PCI DSS: This is a set of security standards developed by the Payment Card Industry Security Standards Council to ensure the security of credit card transactions. OWASP Top Ten: This is a list of the top ten most critical web application security risks developed by the Open Web Application Security Project (OWASP). P r o f . M . I q b a l B h a t ( J K H E D )