Development & Modification of Software Applications
34. Software Application Security Checklist
Is there a process in place to ensure that, prior to storing or accessing UBC Electronic Information, a Software Application Security Checklist is completed for all new or substantially modified applications that store or access Medium, High or Very High-Risk Information?
Why is this Essential?
When purchasing, designing or substantially modifying Software Applications, it is important that security requirements are understood, documented and implemented at the earliest appropriate stage of the project. This is substantially cheaper and more effective than trying to apply security controls retroactively.
Reference Links
Development and Modification of Software ApplicationsSoftware Application Security Checklist
Instructions
Here are some examples of substantially modified applications:
- Granting access privileges to Medium, High or Very High Risk Information to new categories or groups of individuals
- outsourcing management, storage or security of Medium, High or Very High Risk Information to an external service provider
- changing how Medium, High or Very High Risk Information is collected, used or displayed
What is Acceptable?
IT support staff are aware of the checklist and are known to utilize as part of the implementation/release process.
35. Website Naming
Are all the online sites/tools/applications/services delivered by the unit I represent in the ubc.ca domain space?
Why is this Essential?
Web Applications used to conduct University Business must be provisioned within the ubc.ca domain name space, e.g. widget.ubc.ca, unless not technically possible.
Placing applications in the ubc.ca domain space enables users to validate authentic UBC websites, significantly reducing the likelihood of users responding to phishing attempts. Further various cybersecurity services (including proactive monitoring) are only available to site in the ubc.ca domain space, so being outside the domain is likely to result in less secure web applications.
Reference Links
myDNS FAQsSubdomain Registration
Instructions
N/A
What is Acceptable?
Web Applications used to conduct University Business must be provisioned within the ubc.ca domain name space, e.g. widget.ubc.ca, unless not technically possible.