Integrate IT security at the heart of your projects?

The global fight against cyber-crime weighs in at over 400 billion euros every year. This figure can be explained by the increasing number of attacks on information systems (e.g. WannaCry & NotPetya). This is why security is a key component of the success of your projects. The team in charge of development will need to integrate it before, during and after the project.

But what are the principles of security in projects? What are the preconceived ideas in terms of security? You will find in this article a set of experts' views on the subject.

Received ideas about Information Systems security

There are many misconceptions when it comes to IT security. These are highlighted by Laurent Bloch and Christoph Wolfhugel in the text below. The authors discuss the 6 most common, yet naive, misconceptions about information systems. Perhaps this analysis will give you a fresh perspective on the subject, so you can stop making the same mistakes.

Computer security - Principles and methods (Estimated reading time: 45 min)

A few obvious facts

• Setting default permissions for software installations is a good idea
• It is possible to draw up a list of threats
• Testing platforms by intrusion and then correcting afterwards is a good idea.
• Pirates are "nice" people
• Users are already trained to use the Information System properly
• It's better to adopt new IT features right away than to wait.

Modifying the information system: a loophole for hackers

Modifying the information system can be a potential vulnerability for hackers. So be careful!

Each version upgrade brings with it its new features, but also its risks. The new version is more fragile and often contains one or more flaws in the system. These are all doors of entry for ill-intentioned hackers (whether for ideology, money or symbolism). In his course offered to students at INSA Toulouse, the lecturer explains how to integrate the concept of security into IS project management.

Processes for integrating security into IS projects (Estimated reading time: 20 min)

 IS project risk management

Risk management for Information System projects must be a constant concern. Good management requires a sound methodology and precise milestones:

• Take SSI risks into account as early as possible
• An IS with a level of security that meets business and corporate needs
• Train users in good and bad behavior

Risk management throughout the project

Confidentiality is the watchword for maximum security. From its creation to its release, a public project is at greater risk than one that remains private. Piloter.org illustrates the subject throughdocument exchange.

Risk management and project safety (Estimated reading time: 3 min)

Control the flow of important documents

During the course of a project, hundreds of documents are exchanged between collaborators. Some are of lesser importance, while others need to be handled with the utmost security. To avoid any problems, we need to control the circulation of these documents.

Enhanced security throughout the project lifecycle

IT projects, both internal and external, are multiplying, making them just as many targets for cyber-attacks. To protect your projects, the CISO(Information Systems Security Manager) is there to support you at every stage. They bring their expertise to the table, helping to secure IT development. A healthy information system will prevent cyber-attacks in the future.

Security in IT development projects (Estimated reading time: 3 min)

Safety first

In this article from Ysosecure, we present the elements you need to integrate into your IT project to ensure that it runs smoothly and safely.

More info on :

• Visit risk management (Risk management)
• The WannaCry
• The GDPR