BITS Lists Software Guidelines

Financial Framework Will Improve Software Security for Banking
BITS, the technology policy division of The Financial Services Roundtable, has released guidelines for reducing online risks through secure application development.


Known as the Software Assurance Framework, the guidelines provide strategic steps and program components to improve the design, creation and implementation of safe applications by financial institutions and third-party providers.

The framework addresses the following key component areas:

  • Education and training;
  • Security software assurance development standard;
  • Threat modeling;
  • Coding practices;
  • Security testing;
  • Pre-implementation practices;
  • Software assurance documentation archive best practices;
  • Post-implementation phase controls.

IT risk controls are more effective when they're embedded within core business processes during software development, rather than being added later or bolted on risk assessments, BITS says.

The framework and guidance have been developed by subject matter experts focused on software for financial services. The aim is to provide financial institutions with a tool for improving software security controls and practices, BITS says.

Insecure software poses a number of risks to institutions, including increased attacks, potential exposure of personally identifiable customer and member information, and the theft of corporate information and intellectual property.

About the Author

Information Security Media Group

Information Security Media Group (ISMG) is the world's largest media company devoted to information security and risk management. Each of its 37 media sites provides relevant education, research and news that is specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud. Its yearly global summit series connects senior security professionals with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.
