Gaps in security processes highlighted by lifecycle study

More than half of IT managers fail to follow security and quality processes.

More than half of IT managers fail to follow key security and quality processes ‘rigorously’.


Research by (ISC)2, the International Association of Software Architects (IASA) and consultancy Creative Intellect of more than 170 professionals globally found that 59 percent of respondents are not following key security and quality processes rigorously, while 26 percent have little or no secure software development processes. This is despite many respondents carrying out reviews of their development and delivery processes.

When asked what was preventing respondents from improving security across the software delivery lifecycle, lack of management support and investment were cited by nearly two-thirds of respondents as the key reason. Of those surveyed, 69 per cent claimed that not having the right culture, attitude and mindset was to blame, while the same number said not having appropriate processes was the culprit.

Commenting on the state of secure application lifecycle management study, Bola Rotibi, founder of Creative Intellect Consulting, said it was surprising to see so few organisations embedding security tightly into the software delivery process.

“We would like to see organisations taking a multi-faceted approach to tackling the software security challenge. Secure by design and practice should be the call to action adopted by organisations to address the software security challenge more directly,” he said.

“This report highlights significant gaps on following key security and quality processes required to develop and deliver secure systems and software,” said John Colley, managing director Europe, Middle East and Africa at (ISC)2.

“It appears that there is a significant failure to assess the risks associated with not recognising the need for tight controls to deliver secure systems and software.

“Even though the industry seems to have recognised the significance of following a change control process, lack of management support and investment for improving security across the software development lifecycle is preventing it from following the rigorous discipline required to deliver secure systems and software.”

This article originally appeared at scmagazineuk.com

Copyright © SC Magazine, US edition