4.13 Normative Frameworks

Now, our next couple of slides, just very quickly. Um, you know, we talk about some vulnerabilities and some exploits. So how do we mitigate those? Well, we mitigate those through a process, right? We have a process to ensure that security is implemented throughout all the stages of the software development life cycle. And our processes are driven by our frameworks.

So the next two slides, definitely something testable, are the frameworks that we use within our organization. So first of all, our organization will have an organizational normative framework. This is specified in ISO 27034. I actually think you should know that. So organizational normative frameworks are documented, specified, elaborated on in ISO 27034. So what is this? So within every organization, we have a set of processes, we have a set of tools, we have the context that defines how we develop our applications. Right? So, for instance, if we have to maintain compliance with Sarbanes-Oxley for this type of app within this organization, or PCI DSS, or whatever that may be, we have to refer to the regulatory context, our business context, any sort of tools that we have, any sort of requirements, what libraries we have as far as software development. So it's basically just a collection of what we use to support software development.

All right, an organizational normative framework: every organization will have one organizational normative framework. Makes sense? Okay. Now, within each organization, we will have multiple application normative frameworks. So, for instance, if we design databases, we will have an application normative framework for databases. We will have an application normative framework for web applications. So I think the approach might be, okay, here's your environment, how many organizational normative frameworks and how many application normative frameworks? Like, from a test perspective: one organization, and as many applications as you have, those application normative frameworks. And the idea there is to have a set of best practices, tools, and have consistency for application development, have our processes in place.

So you can think of the application normative framework as a subset of the organizational normative framework, and you'll have multiple ANFs as subsets of the ONF. Hope that makes sense. Okay, just a quick little idea about structure, about consistency, about best practices, about processes and tools. Those were referred to as the normative frameworks.
