Application Security Testing For DRD NI
The Department for Regional Development (DRD) was created in 1999 and is one of eleven Northern Ireland Executive Departments. DRD's main responsibilities include: regional planning; transportation strategy; ports and public transport; roads and water policy as well as providing and maintaining roads.
Background
DRD's Information Systems Unit (ISU) needed to ensure that its web applications were being developed and deployed in a secure manner and decided to conduct a security review of DRD's applications.
Sopra Group's long track record of delivering similar projects to other public sector clients helped it to win this contract in a competitive tender. Sopra Group worked closely with the ISU to understand the issues DRD faced and to improve developer awareness around securing web applications. The outcome was the production of a series of reports outlining recommendations for improvement and potential remedial actions.
Solution
Each application under review underwent application penetration testing and a code/design analysis. After the assessment stage, Sopra Group delivered the following to DRD:
- A summary of recommendations (graded and prioritised) including recommendations on enhancing the ISU's existing coding/design standards
- Inputs to ISU standards, in particular: code snippets; enhanced coding & design standards (in conjunction with ISU staff); design architecture – best practice guide
- Presentation material (slides, notes and technical references) to aid education of the ISU development team
- A detailed response to notified security queries, issues and problems which arose during the course of this project.
Benefits
Sopra Group delivered a solution to DRD on time and on budget, with the following benefits:
- Increased developer awareness and understanding of the importance of security throughout the application development lifecycle
- Advice that helped to shape DRD's new application security standards
- Strong guidance in the development of new security components.