Question

(Cyber security case study) I want frameworks, legislation and regulatory requirements of 6 points below That...

(Cyber security case study)

I want frameworks, legislation and regulatory requirements of 6 points below

That I can control and measure each of them

1- Demand software quality and security from suppliers. (example: which frameworks can be used for this recommendation (control and measure))

2- Perform stringent acceptance tests for third-party code.

3- Disable default accounts from applications.

4- Establish a secure operational environment for applications.

5- Implement effective bug-reporting and handling.

6- Perform risk assessments underpinned by strict Governance, risk and Compliance frameworks and legislations.

Thanks

Answer #1

1- Demand software quality and security from suppliers. (example: which frameworks can be used for this recommendation (control and measure))

- Always change the default passwords for the default users.
- And do not reuse the same passwords.
- Whenever an employee is on leave, always disable the user accounts.
- Always track the logs in the server or systems and examine all kinds of security logs in servers.
- Always do regular network scans in the server or system.
- Always monitor the outbound network traffic in order to avoid the malware detection.
- Always patch the systems and updates which are available, and keep the operating system and application software up to date.
- Always have a plan for security precautions and implement the security plan.
- Between the clients and vendors, raise user awareness about the security info.
- And have the management support to implement the security plan.

2- Perform stringent acceptance tests for third-party code.

- By developing a team mission statement that will be used in a company or in an organization with their goals.
- In order to make the team more successful, we should try to learn to identify, understand, and manage customers.
- In order to better understand business goals, we should identify market forces that drive the business in present days.
- We always make sure of the business and their understanding of doing business and how business leaders develop strategy.
- Make more informed purchase decisions to apply analysis on vendors.
- Understand the hackers' and attackers' motivations and techniques in all aspects.
- Understand the assets and processes of the business that are most valuable to the business.
- Learn the strategic planning of kill chain and threat intelligence at all levels.


3- Disable default accounts from applications so that we can know about the leadership of developing the organisation.

- We should create and develop the entire working team.
- We should give the team better coaching and mentoring.
- We always maintain the customer service focus.
- We should rectify the conflict resolution.
- We should maintain effective communication.
- Leading through change.
- There must be relationship building within the team.
- Motivation and self-direction.
- There must be effective teamwork.
- There must be leadership development.


4- Establish a secure operational environment for applications.

- Saving and securing all the data of an organisation or a big company.
- In order to align security with the corporate culture, we should understand the values and culture of the organization.
- Understand the current strengths, weaknesses, opportunities, and threats.
- Identifying what needs to be done in the company or in an organisation for better security.
- Identifying what should be done first to give security.
- Approaches to obtaining funding.
- Promoting the work of the team.
- Developing effective metrics and dashboards in the business.
- Learning to innovate with the business so that it will be useful to business development.


5- Implement effective bug-reporting and handling.

- We must know how policy protects people, organizations, and information.
- We must know the relationship of mission statement to policy.
- We must know policy versus procedure.
- We must know the policy needs assessment.
- We must know the governing policy.
- We must know the issue-specific policy.
- We must know the positive and negative tone.
- Policy review and assessment process.
- We must know the role of psychology in implementing policy.
- We must know the organizational culture.


6- Perform risk assessments underpinned by strict Governance, risk and Compliance frameworks and legislations.

- The security policy should always take into consideration all the regulatory and enterprise compliance which are required, and how to apply timely patches to maintain compliance in the business.

- There should be good security policy enforcement, so that the security policy can define how the IT platform behaves and validate that it is being enforced across our network.

- Doing the minimal amount of security precautions and security steps with some regulations won't make our network safer. So organizations must monitor their network for changes to configurations and ensure the changes are approved and compliant with the policy maintained.
