In Brief
Secure Applications: How Nationwide Does It
Nationwide Insurance's application security process
By Lauren Gibbons Paul
February 01, 2005 — CSO

1. The sponsor of the proposed IT project fills out a 20-question security questionnaire that specifies the type of information involved, the criticality of the systems, and connectivity with other platforms, outside systems and the like.
2. An information security consultant reviews the questionnaire and assigns the project a risk level based on weighted criteria.
3. The consultant checks in with the IT project team throughout development and also determines which security criteria are appropriate, based on the type of project and the degree of security risk.
4. With development complete, the consultant certifies in a document that the project has addressed all relevant security measures.
5. An accrediting authority (outside of security) decides whether to assume the residual risk inherent in the system. If the accreditation goes through, the system is deployed.
6. The accrediting authority has responsibility throughout the system's lifecycle, checking periodically to ensure that the level of attendant risk has not increased.