Cyber Security as a Process
Earlier during System/Software development there was only 3 parts, design, develop, test. Later the testing part was split into debugging, maintenance, version control. The main reason for this was the Y2K problem. Systems and Software developed before 2000 followed date system as dd/mm/yy which became a problem when it became 2000. Every financing data and many other things were about to collapse and we somehow overcame that issue.
During 2000 and later we started seeing bugs and the reason why s dedicated team to identify bugs was setup. When hacking became a serious thing and companies started loosing out, security teams came into light. Earlier how development and testing were two different process in SDLC now Security is also another process.
The importance of Security to exist as a process is very clear from all attacks and breaches happening all over the world. The year 2016 re-transformed the way security industry and businesses work. The year when Zero day attacks took place in a major and rapid scale. Most of them were due to negligence and giving less priority to data security and not updating or installing security patches.
Cyber Security is not a system factor anymore. It is only the human factor that determine the security level of any system or information.
- Education, training, skills
- Cyber Hygiene
- Poor policies, procedures and process
In today’s business processes, a simple error can end up resulting in huge lose. Even a common attack can harm the reputation of any well-known company as the damage is remarkably huge.
Hence Process is important and Security As A Process (SAAP) should be followed everywhere!
What are your thoughts on following such a process in development cycles? Post them below. :)