sentenz/convention: General articles, conventions, and guides.
https://sentenz.github.io/convention/
Apache License 2.0

Create an article about `Software Security` #339
Open
sentenz opened 4 months ago

sentenz commented 4 months ago
Software Security
| Software Principle | Software Term | Software Category | SSDLC Phase | Cybersecurity Standards | Compliance Standards | Quality Standards |
|---|---|---|---|---|---|---|
| Security by Design | Security Principles | Software Design Principles | | | | |
| | Secure Software Development Lifecycle (SSDLC) | Development Practices | Planning | ISO/IEC 27034, NIST SP 800-64 Rev. 2, NIST SP 800-218, BSIMM, SAMM, OWASP, IEC 62443-4-1 | | |
| | Security Awareness Training | Human Resource Security | Planning | ISO/IEC 27002, NIST SP 800-50, IEC 62443-2-1, IEC 62443-2-4, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Security Requirements Engineering | Requirement Analysis | Planning/Design | ISO/IEC 27034, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-1, NIS2 Art. 11 | | |
| | Risk Assessment | Risk Management | Planning/Design | ISO/IEC 27001, ISO/IEC 27005, NIST SP 800-30 Rev. 1, IEC 62443-3-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Threat Modeling | Risk Management | Planning/Design | ISO/IEC 27005, NIST SP 800-30 Rev. 1, STRIDE, IEC 62443-3-2, NIS2 Art. 20-23 | | |
| | Security Architecture | Security Architecture | Planning/Design | ISO/IEC 27034, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-1, NIS2 Art. 21 | | |
| | Zero Trust Architecture | Security Architecture | Planning/Design/Operations | NIST SP 800-207, IEC 62443-3-3, NIS2 Art. 21 | | |
| | Software Composition Analysis (SCA) | Security Assessment | Development | ISO/IEC 27034, OWASP, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-1, NIS2 Art. 21 | | |
| | SAST (Static Application Security Testing) | Security Testing | Development | ISO/IEC 27034, NIST SP 800-53 Rev. 5, CWE, OWASP, IEC 62443-3-3, IEC 62443-4-1, NIS2 Art. 21 | | |
| | Secure Coding Practices | Development Practices | Development | ISO/IEC 27034, CERT Secure Coding Standards, IEC 62443-4-1, IEC 62443-4-2, NIS2 Art. 21 | | |
| | Static Analysis | Code Analysis | Development | ISO/IEC 27034, NIST SP 800-53 Rev. 5, CWE, OWASP, IEC 62443-3-3, IEC 62443-4-1, NIS2 Art. 21 | | |
| | Code Review | Code Analysis | Development | ISO/IEC 27034, NIST SP 800-53 Rev. 5, CWE, OWASP, IEC 62443-3-3, IEC 62443-4-1, NIS2 Art. 21 | | |
| | DevSecOps | Development Practices | Development/Operations | ISO/IEC 27034, NIST SP 800-53 Rev. 5, IEC 62443-4-1, NIS2 Art. 25 | | |
| | Dynamic Analysis | Code Analysis | Testing | ISO/IEC 27034, NIST SP 800-53 Rev. 5, CWE, OWASP, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | | |
| | DAST (Dynamic Application Security Testing) | Security Testing | Testing | ISO/IEC 27034, NIST SP 800-53 Rev. 5, CWE, OWASP, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | | |
| | Fuzz Testing | Software Testing | Testing | ISO/IEC 27034, NIST SP 800-115, IEC 62443-4-1, IEC 62443-4-2, NIS2 Art. 21 | | IEEE 829 |
| | Vulnerability Scanning | Security Assessment | Testing | ISO/IEC 27001, NIST SP 800-53 Rev. 5, NIST SP 800-40 Rev. 4, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Penetration Testing | Security Testing | Testing | ISO/IEC 27001, NIST SP 800-115, OWASP ASVS, IEC 62443-3-3, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Secure Deployment | Deployment Practices | Deployment | ISO/IEC 27034, NIST SP 800-53 Rev. 5, IEC 62443-4-1, NIS2 Art. 21 | | |
| | Configuration Management | Configuration Control | Maintenance | ISO/IEC 27001, NIST SP 800-128, IEC 62443-2-1, IEC 62443-2-4, NIS2 Art. 21 | | |
| | Patch Management | Security Operations | Maintenance | ISO/IEC 27002, NIST SP 800-40 Rev. 4, IEC 62443-2-1, IEC 62443-2-4, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Incident Response | Incident Management | Post-Deployment | ISO/IEC 27035, NIST SP 800-61 Rev. 2, IEC 62443-2-1, IEC 62443-2-4, NIS2 Art. 10 | PCI-DSS, HIPAA, SOX | |
| | Logging and Monitoring | Observability | Post-Deployment | ISO/IEC 27002, NIST SP 800-137, IEC 62443-2-1, IEC 62443-2-4, NIS2 Art. 11 | PCI-DSS, HIPAA, SOX | |
| | Security Metrics and Reporting | Security Operations | Operations | ISO/IEC 27002, NIST SP 800-55, IEC 62443-2-1, NIS2 Art. 23 | | |
| | Digital Forensics | Security Operations | Operations | ISO/IEC 27037, NIST SP 800-86, IEC 62443-2-4, NIS2 Art. 11 | PCI-DSS, HIPAA, SOX | |
| | Cyber Threat Intelligence | Security Operations | Operations | ISO/IEC 27002, NIST SP 800-53 Rev. 5, IEC 62443-2-1, IEC 62443-2-4, NIS2 | PCI-DSS, HIPAA, SOX | |
| | TDR (Threat Detection and Response) | Cyber Security | Operations | | | |
| | SOAR (Security Orchestration, Automation, and Response) | TDR | Operations | ISO/IEC 27002, NIST SP 800-137 | | |
| | SIEM (Security Information and Event Management) | TDR | Operations | ISO/IEC 27002, NIST SP 800-137, NIS2 Art. 15 | PCI-DSS, HIPAA, SOX | |
| | CI/CD | Development Practices | Development/Operations | NIST SP 800-53 Rev. 5, IEC 62443-4-1, NIS2 Art. 21 | | |
| | Container | Security Practices | Development/Operations | NIST SP 800-190, IEC 62443-4-1, NIS2 Art. 21 | | |
| | API Security | Security Practices | Development/Operations | NIST SP 800-53 Rev. 5, OWASP, IEC 62443-4-1, NIS2 Art. 21 | | |
| | Cloud Security | Security Practices | Development/Operations | ISO/IEC 27017, ISO/IEC 27018, NIST SP 800-53 Rev. 5, IEC 62443-4-1, NIS2 Art. 21 | | |
| | Database Security | Security Practices | Development/Operations | ISO/IEC 27002, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-2, NIS2 | PCI-DSS, HIPAA, SOX | |
| | Cyber Hygiene | Security Practices | Development/Operations | ISO/IEC 27002, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-1, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Software Supply Chain Security | Supply Chain Security | Planning/Development/Operations | NIST SP 800-161 Rev. 1, ISO/IEC 27036, IEC 62443-4-1, NIS2 Art. 21-22 | | |
| Defense in Depth | Security Principles | Software Design Principles | | | | |
| | Identity and Access Management (IAM) | Identity Management | Development/Operations | ISO/IEC 27002, NIST SP 800-63 Rev. 3, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Authentication | IAM | Development/Implementation | ISO/IEC 27002, NIST SP 800-63 Rev. 3, FIPS 201, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Multi-Factor Authentication (MFA) | Authentication | Development/Operations | ISO/IEC 27002, NIST SP 800-63 Rev. 3, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Authorization | IAM | Development/Operations | ISO/IEC 27002, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Access Control | Authorization | Development/Operations | ISO/IEC 27002, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | Network Security | Cyber Security | Operations | ISO/IEC 27033, NIST SP 800-53 Rev. 5, IEC 62443-2-1, IEC 62443-2-4 | PCI-DSS, HIPAA, SOX | |
| | NDR (Network Detection and Response) | Network Security | Operations | | | |
| | IDS (Intrusion Detection System) | NDR | Operations | ISO/IEC 27002, NIST SP 800-94, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| | IPS (Intrusion Prevention System) | NDR | Operations | ISO/IEC 27002, NIST SP 800-94, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| Least Privilege | Security Principles | Software Design Principles | | | | |
| | Role-Based Access Control (RBAC) | Access Control | Development/Implementation | ISO/IEC 27002, NIST SP 800-53 Rev. 5, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX | |
| Security by Default | Security Principles | Software Design Principles | | | | |
| | Encryption | Data Protection | Development/Implementation | ISO/IEC 27002, NIST SP 800-57 Rev. 5, FIPS 140-2, IEC 62443-3-3, IEC 62443-4-2, NIS2 Art. 21 | PCI-DSS, HIPAA, SOX, GDPR, CCPA | |
| Privacy by Design | Privacy Principles | Software Design Principles | | | | |
| | Security Policy Management | Policy Management | Planning | ISO/IEC 27002, NIST SP 800-53 Rev. 5, IEC 62443-2-1, IEC 62443-2-4, NIS2 Art. 7 | | |
| | Privacy Impact Assessment (PIA) | Risk Management | Planning/Design | ISO/IEC 29134, NIST SP 800-53 Rev. 5, IEC 62443-3-2, NIS2 Art. 20 | GDPR, CCPA | |