Welcome to NBlog, the NoticeBored blog

I may meander but I'm exploring, not lost

Oct 1, 2008

Bootstrapping for software developers

Why is it that so many organizations expect their software developers and other IT people to “do” information security, yet they don’t bother to train them in the art?

A new security awareness briefing pack contains a set of notelets (short briefings) to help those involved in managing and delivering IT system developments fulfill their information security obligations.

The notelets fall into two groups:
  1. Technical notelets introduce common information security controls, explain generic control requirements and outline the options available to satisfy those requirements.
  2. Development process notelets outline information security issues that ought to be taken into account during most software developments (including ‘end user computing’ projects such as spreadsheet programs).

Although each notelet is a succinct double-sided item, the briefing pack contains 33 of them, so with the introduction and copyright notice it runs to some 70 pages in total.

Download the complete pack here (1Mb PDF file).

The editable MS Word version of the pack is available free of charge on request by NoticeBored customers. An earlier version of the pack was delivered in the module on ‘SDLC integration’ in 2006.