Development and test systems and data must be kept separate from live systems and data; live data must not be used for testing or development.
As part of the requirements gathering and testing process for new systems or changes to existing systems, project executives (developers, project managers, IT Service Analysts, Business Analysts or local IT/project leads) will liaise with the Information Custodian, IT Security and the Institutional Resilience Team via informationsecurity at warwick dot ac dot uk. This allows potential threats and concerns to be identified, so that the information held or to be held in the system can be properly secured.
For example (but not limited to), applications must be able to demonstrate appropriate prevention of SQL injection attacks, session hijacking, cross-site scripting and information leakage.
Overall Framework Info
The minimum mandatory working practices in these pages are presented in boxed text to distinguish them from recommended practices.
Current document version: 1.3