Toronto, ON (PRWEB) September 23, 2014
Security Compass, a leading web and mobile application security firm, announces updated support for ISO/IEC 27001:2013 in its latest version of SD Elements, the secure application lifecycle management tool. ISO/IEC 27001:2013 is the international body’s most recently updated standard for establishing, implementing, maintaining and continually improving an information security management system within the context of an organization.
As part of this update, release 2.33, SD Elements now supports 36 ISO/IEC 27001:2013 security controls within its software security requirements for developers. Altogether, these controls are covered by 146 separate requirements (tasks) in the library of SD Elements.
“One of the most notable changes in 27001:2013 in contrast to the 2005 version of the same standard is addition of an strong emphasis on centralized and consistent management of security requirements” - Ehsan Foroughi, Director of Research at Security Compass.
Both in the requirements and controls of ISO 27001:2013 use of a security requirements management system is strongly encouraged, or even mandated in some cases.
SD Elements clients will receive immediate compliance benefits with these sections. The following is a list of the related sections and controls:
- Section 6.1.2: b) Consistent and repeatable risk assessments produce
- Control A.6.1.5: Accommodating security information in project management for all types of project.
- Control A.12.6.1: Centralized information about technical vulnerabilities of information systems
- Control A.14.1.1: Re-use of security related requirements for existing information systems
- Control A.14.2.6: Testing of security functionality during development
- Control A.18.1.1: Meeting legislative, regulatory and contractual requirements
- Control A.18.2.1: Independent review of organization’s approach to managing information security at planned intervals or when significant changes occur.
In addition, SD Elements release 2.33 makes it easier to understand, follow, enforce, and report on the new security standards established by ISO/IEC 27001:2013.
However, certain aspects of ISO/IEC 27001:2013, such as policies go beyond the scope of SD Elements, so it’s important for organizations to make sure they are addressing these independently. There are also a number of security controls that go beyond the software level and which require organizational level attention: deployment related controls, availability related controls, HR controls, asset handling controls, physical security controls, backup and maintenance controls and supplier relationship control.
ABOUT SD ELEMENTS
SD Elements is a software security requirements management solution that eliminates at least 97% of high risk vulnerabilities at the earliest stage of the software development lifecycle. It provides prescriptive, secure coding advice based on your project’s application technology, business and compliance drivers. SD Elements can easily scale to thousands of applications allowing centralized information security teams to positively influence software development across the organization with minimal process change. SD Elements eliminates security vulnerabilities before scanning begins – the most cost effective way of mitigating risks.
Website: http://www.securitycompass.com/sdelements
ABOUT SECURITY COMPASS
Headquartered in Toronto, Security Compass is a leading information security firm specializing in web and mobile application security for Fortune 10s-500s, large financial institutions, energy firms, technology/software providers, media companies, retailers and other businesses. Security Compass guides teams in building customized security blueprints based the industry, software development lifecycle, and business needs to cost-effectively mitigate risks. Its secure application lifecycle management tool, SD Elements was recognized by Gartner’s 2014 “Cool Vendors in Application and Endpoint Security” report. Website: http://www.securitycompass.com.