ISO 27001:2022 Annex A Control 8.26

Application software such as web apps, graphics programs, databases, and payment processing are essential to many business operations.

Applications are often vulnerable to security issues which can lead to the exposure of confidential data.

As an example, US-based credit bureau Equifax neglected to apply a security patch to the web application framework they employed to manage customer complaints. This neglect enabled cyber attackers to exploit the security weaknesses of the web application, infiltrate Equifax’s corporate networks and steal sensitive information from around 145 million people.

ISO 27001:2022 Annex A 8.26 outlines how organisations can implement information security requirements for applications during their development, use, and acquisition. It ensures that security measures are integrated into the life cycle of applications.

Purpose of ISO 27001:2022 Annex A 8.26

ISO 27001:2022 Annex A 8.26 allows organisations to defend their data assets stored on or processed by applications through the recognition and application of appropriate information security specifications.

Ownership of Annex A 8.26

The Chief Information Security Officer, backed by information security experts, should undertake the identification, approval, and implementation of information security requirements relating to the acquisition, utilisation and development of applications.
