
ISACA leader welcomes call for software testing as an integral part of security governance

July 2012 by ISACA

An ISACA leader has welcomed a Business2Community newswire editorial calling for organisations to include software testing as a key stage of their security governance strategy, noting that testing prior to choosing the actual applications can prevent problems at the software deployment stage.

Christos K. Dimitriadis, CISA, CISM, CRISC, international vice president of ISACA and chair of ISACA’s COBIT Security Task Force, says that software security governance should be a central facet of any organisation’s security plan, but is often overlooked, as it is frequently seen as a relatively mundane process.

“Given that most organisations use software in order to enable and support their processes, there is a growing understanding that software testing is now a critical step in a business’s IT security planning strategy, which is covered in ISACA’s COBIT 5, the only business framework for the governance and management of enterprise IT,” Dimitriadis said.

Dimitriadis, lead author of the new COBIT 5 for Information Security, explained that, as Elina Smith says in her editorial, software testing is a technique that is performed to help provide professionals with the necessary assurance about the quality of their enterprise software.

“As Elina’s editorial notes, the verification and validation of the software product determines that the system is able to accomplish its predefined goals and the output generated by the system is the expected one. Software governance is now a growing part of the audit and accountancy function, and not just in the IT security space,” he said.

“And it’s for this reason that ISACA – which now has more than 100,000 constituents in 180 countries – agrees that software testing should form an integral part of any organisation’s security planning and review process,” Dimitriadis added.

