Security Code Review Checklist (Excel XLS)

Adaptive US ISMS Toolkit- Security Code Review Checklist
Today, every organization's business is automated, digitized, and online, leading to data confidentiality, integrity, and availability emerging as key concerns. Malware and hacking are the top two threats of data breaches. While there is no ?silver bullet' for systems security, a healthy and continually improving information security management system (ISMS) can go a long way in mitigating risks.
An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.
An ISMS typically addresses employee behavior and processes data as well as technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company's culture.
The objective of the policy is to provide management direction and support for information security policy and ensure Confidentiality, Availability, and Integrity of Information assets. This involves laying down governing policies in place to protect information assets from accidental or intentional damage at a reasonable cost.
The policy is intended to
a. Protect information and computer systems and voice and data network from threats and vulnerabilities from internal and/or external sources
b. Achieve compliance with legislative and contractual requirements
c. Ensure business continuity
It is the responsibility of all Information system users to safeguard and preserve the organization's information assets.