Security Checkpoints In Your SDLC?

November 30, 2015

My SOC 2 auditor says that we must include security checkpoints in our SDLC. If we have a really good security process in place and review the code for security issues, why do we still need segregation of duties?

Because application security only works when it is integrated with the broader security context of your environment. A user or system whose access spans both development and production increases the attack surface of your environment and opens the door to attacks that may have nothing to do with unauthorized changes to production code.
