Tag Archives: development

Framework and Policy Development Team

The IT security policy framework is the foundation of an organization's information security program. The framework consists of a library of documents, but is not just a collection of documents. The framework and its documents are used to build an organization's processes, determine appropriate technologies to use, and lay the foundation for policy enforcement. The framework is a…

Measurement and Metrics in Secure Software Development

Security metrics are measurements that can be applied to software development as a way to improve the security characteristics of the software being developed. Guidance on software measurement and analysis can be found in the International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 15939 (Software Measurement Process standard), the Capability…