Security Policies and Procedures
tag: [Security Specialist, Legal & Compliance, Operations & Strategy, HR] As part of the external security review, it could be beneficial to also review the internal security policies and procedures as well. Some of the things that could be relevant to review are:
- Ensure there is a developed and maintained plan for responding to security incidents.
- Ensure there are defined roles and responsibilities, and enforce the principle of least privilege.
- Ensure there are processes implemented for managing changes to the codebase and infrastructure.
- Ensure there are regular training sessions conducted for all team members on security best practices.
- Ensure adherence to any potentially relevant regulatory and industry standards for your project.