Building Solid Security Testing Requirements
We know that security is a big deal, which is why TSG Training is running ISTQB Advanced Security Tester courses in association with industry-expert Randall Rice, who visits us next on November 12-15 in London.
The problem is with security is that it is such a big field, but we don’t seem to have a handle on it as in industry. Too frequently we see companies fix things and learn lessons once they’ve fallen foul of a security breach, but is that really what we should be doing? Prevention is definitely better than cure, particularly if you consider the publicity damage (TSB, Tesco and many others recently) and increasing sizes of fine being dolled out to companies falling foul of what are now well established guidelines from the regulators and the measures they will apply
So, where do we begin to get security into our systems? The same place as every other requirement – smack at the beginning of the programme, where security can be included with everything else and tested as being correct and able to be built. This, too is a big deal, as the breadth of security requirements has become increasingly wide, the result of which is that security is either missed out or simply tested as a ‘firewall’ post build activity .
To help, Randall has compiled a series of slides specifically on the subject of getting security requirements right and built in from the start. These will help you with a number of key measures, including: Business confidence, you are building the right thing, you are building the thing right.
Randall will be talking about requirements of security as just one of the topics on the new ISTQB Advanced Security course at TSG, the first of which is on November 12-15. Find out more about the course and come and join us – see here.