The Onakee Group

Test Planning and Security Deployment

cecb_slide07

Security in Development through Tests and Planning

Security in development and support processes is an essential part of a comprehensive quality assurance and production control process and usually involves training and continuous oversight by the most experienced staff. Rules for system and software development should be developed. These rules should incorporate secure software development techniques such as user authentication, session control, logging, and data validation and sanitization. Unit, system, integration and regression testing should include testing of security requirements prior to deployment. Changes to the system as well as its operating environments should be managed, tested and approved. Support processes are closely related to ISO 12. Operations Security. As system maintenance occurs secure operational processes with regard to change control, separation of development, test and production environments as well as other operational controls provide many of the post implementation support processes and control.

01

Cyber Liability

“Cyber insurance coverage is a valuable and practical member benefit for lawyers offered through the ABA Insurance portfolio,” ABA President Linda A. Klein said. “As the number of cyber breaches increases everywhere and throughout all industries, it is critical that lawyers and law firms that rely on vast amounts of electronic data are protected.

02

Law Firm: Staff Training

Sherri Davidoff presented “Cybersecurity Training for Law Office Employees,” Everyone in your office should be trained, including lawyers, support staff, first-responders (IT personnel) and clients. Client portals for law firms are popular, but portal users must be trained, sometimes on a one-on-one basis.

03

Privacy Threat

Governments as well as private sectors has largely missed out on that transformation of data protection due to poor management of technology investments, and taking years longer than necessary to deploy, and delivering technologies that are obsolete by the time they are completed.

Get Started Learn More