Time
9 hours 48 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Transcription

00:00
now, our next couple of slides just very quickly. Um, you know, we talk about some vulnerabilities
00:07
and some exploits. So how do we mitigate those? Well, we mitigate those through a process, right? We have a process to ensure that security is implemented throughout all the stages of the software development life cycle. And our processes are driven by our frameworks.
00:26
So the next two slides definitely something testable
00:29
are the frameworks that we use within our organization
00:32
are. So first of all, our organization will have an organizational normative framework. This is specified in ice. 0 27 034 I actually think you should know that. I so so organizational. Normative frameworks
00:50
documented, Specified, elaborated on in ice. 0 27 034 So what is this? So within every organization, we have a set of processes we have set of tools. We have the context
01:04
that defines how we develop our applications. Right. So, for instance, if we have to maintain compliance with Sarbanes Oxley for this type of ab
01:12
are within this organization or P C. I. D. S s or whatever that may be,
01:19
we have to refer to regulatory context. Our business context, any sort of tools that we have any sort of requirements, what libraries we have as far as four software development. So it's basically just a collection
01:37
of what we used to support software development.
01:40
All right, in organizational normative framework, every organization will have one organizational framework.
01:48
Makes sense pay. Now, with in each organization,
01:53
we will have multiple application normative frameworks. So, for instance, if we designed databases, we will have an application normative framework for databases. We will have an application normative framework for Web applications,
02:10
so I think the approach might be okay. Here's your environment. How Maney
02:15
organizational normative frameworks and how many application Normally frameworks like from a test perspective, one organization and as many applications as you have those application. Norman afraid works.
02:28
And the idea there is to have set of best practices tools and have consistency for application development have our processes in place.
02:38
So you can think of the application normative framework as a subset
02:43
off the organizational normative framework, and you'll have multiple A and EFS as subsets of the enough hope that makes sense. Okay, just a quick little idea about structure, about consistency, about best practices, about processes and tools. Those were referred to as the normative frameworks

Up Next

Certified Cloud Security Professional (CCSP)

This Certified Cloud Security Professional (CCSP) certification course covers topics across six domains, to ensure the candidate has a wide range of competencies and is capable in the assessment and implementation of cloud service solutions.

Instructed By

Instructor Profile Image
Kelly Handerhan
Senior Instructor