
1 Purpose

The purpose of this policy and procedure is to ensure that web applications maintain the security posture, compliance, risk management, and change control of NADEC IT resources. It establishes requirements for building security in information systems including infrastructure, business applications, and user-developed applications, to maintain security of application systems and information processing facilities.

2 Scope

This policy and procedure covers the acquisition and maintenance of all NADEC information systems, including systems that create, process, store, or transfer information.

3 Policy Statement

The web application security policy for NADEC is to enforce that web applications maintain the security posture, compliance, risk management, and change control of NADEC IT Resources.

4 Security Requirements During SDLC Phases

4.1 Project Planning

For all information assets in development or undergoing significant changes, an information security risk assessment must be performed during the project-planning phase to identify appropriate security requirements. The security requirements must be defined based on the result of the risk assessment, product/software requirements, legal and regulatory requirements for data protection, and approved NADEC policies and procedures.

Initial risk analysis must be performed by considering applicable use-cases or attacks (how users can misuse or exploit weak controls in software features to attack an application). Cybersecurity must be involved during the requirements-gathering phase to promote cybersecurity activities across the phases of the SDLC.

Application security requirements for the new application/software must be prepared and included as part of the Software Requirement Specification document that covers: