IT Design Security
IRM has many years of experience working within the Information Technology Design functions of large enterprise clients. IRM has performed the following types of services but is able to perform custom services as required:
- Project Process Review
- Technical Security Standards
- System Security Architecture Review
- Security Testing
- Software Design Lifecycle Review
The review of project processes and the review and/or creation of technical security standards are important steps at the beginning of any long-term engagement between IRM and a client; they create an ongoing framework to efficiently deliver and monitor security controls within the IT design function.
Once the terms of reference of the IRM security experts have been established, individual project security architecture reviews and security testing can be undertaken as needed during new projects.
For clients that develop software in-house, IRM can provide application security technical standards, reviews of distributed application architectures and application security testing of implemented code. IRM can also review the whole software development lifecycle (SDLC) to ensure that the most efficient method of including security has been implemented and is being monitored and controlled.
Incorporating security at earlier stages of the SDLC, rather than attempting to fix problems after the implementation stage, can produce significant cost savings.