Where does application role design/privileges take place in the SDLC process?


I think this will be done during the design. Security design will be prepared then but will depend on the scale and complexity of the project. Most of the time, project teams follow their own version of SDLC, so you will have to use judgement as to what could be the best stage to consider security design.


The earlier the better


Before SIT/UAT

Shortly after requirements mapping and architecture. Once you know what the system needs to do and how you want to do it, design the roles to follow/adhere to that process.
