How can software testing managers best ensure security measures are followed?
In software it’s true that security is everyone’s job. As the manager directly responsible for overall product quality, the software testing manager plays an important role in ensuring appropriate security measures are followed. That requires education, planning, validation and communication.
In order to follow security measures, teams need a ‘lead’ responsible for investigating and documenting these requirements. The testing manager is often the project leader assigned this task. Whether it is the testing manager or a member of his/her team, education is the first step. Become familiar with the requirements facing the industry or technology sector you are building software for. As an example, a testing manager in a financial firm will need to become familiar with PCI requirements, from security controls to auditing and logging. This education will require a broad range of learning sources including business analysts, industry journals, and published government or industry regulations.
Once the testing manager has completed the education phase, the next step is to document and plan project impact. This documentation is generally in the form of technical requirements for Waterfall organizations or user stories and technical debt for Agile organizations. Test strategy and test case suites must also be updated to reflect the new requirements. The testing manager, having learned about the various security measures needed for the project, is also uniquely qualified to assist the deployment team to create pre- and post-deployment checklists to validate all required security measures have been properly configured in production.
Finally, the testing manager already has the responsibility for communicating measurements of software quality. Communicating the status of security measures is a logical addition to those responsibilities. This communication will take various forms, from frequent managerial status updates (oftentimes including updates to internal security and/or audit teams) as well as documentation of compliance for use in potential external audits.
The test manager plays one other important role in ensuring security measures are followed. This role is to encourage, enforce and pattern compliance with internal security guidelines both of the company as well as guidelines given by the company’s customers. Security is everyone’s responsibility, but managers carry the duty to be examples to their teams and to ensure their teams follow security requirements.
Given the testing manager’s familiarity with and responsibility for measuring and communicating the status of quality in a project, adding in reporting on security measures is a logical step. A benefit to this effort is that, as quality managers emphasize and report on security measures, the organization’s culture will change and begin to embrace and adopt these measures as its own.
What a modern software test manager's duties include
Dig Deeper on Topics Archive
Related Q&A from John Overbaugh
Learn what's behind AWS outages and how to fix failures before they happen. Continue Reading
Learn strategies for best security test strategies for SaaS cloud. Continue Reading
Expert John Overbaugh identifies the three top concerns of the test manager and offers advice on how to stay ahead of the curve when it comes to ... Continue Reading