- Published: 16 July 2012
- Written by NStinchcombe
An ISACA leader has welcomed a Business2Community newswire editorial calling for organisations to include software testing as a key stage of their security governance strategy, noting that by including testing prior to choosing the actual applications, it can prevent problems at the software deployment stage.
Christos K. Dimitriadis, CISA, CISM, CRISC, international vice president of ISACA and chair of ISACA’s COBIT Security Task Force, says that software security governance should be a central facet of any organisation’s security plan, but is often overlooked, as it is frequently seen as a relatively mundane process
“Given that most organisations use software in order to enable and support their processes, there is a growing understanding that software testing is now a critical step in a businesses’ IT security planning strategy, which is covered in ISACA’s COBIT 5, the only business framework for the governance and management of enterprise IT.” Dimitriadis said.
Dimitriadis, lead author of the new COBIT 5 for Information Security, explained that, as Elina Smith says in her editorial, software testing is a technique that is performed to help provide professionals with the necessary assurance about the quality of their enterprise software.
“As Elina’s editorial notes, the verification and validation of the software product determines that the system is able to accomplish its predefined goals and the output generated by the system is the expected one. Software governance is now a growing part of the audit and accountancy function, and not just in the IT security space,” he said.
“And it’s for this reason that ISACA – which now has more than 100,000 constituents in 180 countries –agrees that software testing should form an integral part of any organisation’s security planning and review process,” Dimitriadis added.
For more on ISACA: http://www.isaca.org
For more on COBIT 5 for Information Security: http://www.isaca.org/cobit
For more on Elina Smith’s software governance editorial: http://bit.ly/LdjKMH
About ISACA
With more than 100,000 constituents in 180 countries, ISACA® (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems (IS) assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. Founded in 1969, the nonprofit, independent ISACA hosts international conferences, publishes the ISACA® Journal, and develops international IS auditing and control standards, which help its constituents ensure trust in, and value from, information systems. It also advances and attests IT skills and knowledge through the globally respected Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) designations.
ISACA continually updates and expands the practical guidance and product family based on the COBIT framework. COBIT helps IT professionals and enterprise leaders fulfill their IT governance and management responsibilities, particularly in the areas of assurance, security, risk and control, and deliver value to the business.
Participate in the ISACA Knowledge Center: www.isaca.org/knowledge-center
Follow ISACA on Twitter: https://twitter.com/ISACANews
Join ISACA on LinkedIn: ISACA (Official), http://linkd.in/ISACAOfficial
Like ISACA on Facebook: www.facebook.com/ISACAHQ
Contact:
Kristen Kessinger, +1.847.660.5512, This email address is being protected from spambots. You need JavaScript enabled to view it.
Hannah Rafferty, +44 (0) 207 183 2836, This email address is being protected from spambots. You need JavaScript enabled to view it.