Putting protections in place is not, on its own, enough to give you peace of mind. To know that those protections are working as designed, organizations should routinely audit their access protections. You should also revisit your implementations to identify new risks that might need to be mitigated, and to ensure that the project is meeting the requirements that were agreed upon.
- Auditing and logging of changes. The processes and procedures for change control should be evaluated during an audit. Changes that are introduced in the middle of the development phase can cause problems that might not yet have been discovered or triggered in testing. The effectiveness of the change control methods should be an aspect of auditing the development phase.
- Risk analysis and mitigation. Most of the development methodologies discussed in section 8.1 include a process to perform a risk analysis of the current development cycle. When a risk has been identified, a mitigation strategy should be created to avoid that risk. Additionally, you can document why a risk might be ignored or not addressed during a certain phase of the development process.