IT Examiner School eBook May 2025

Internal Use Only

Understanding Development Development is the systematic application of knowledge to create useful systems including software, components, or automated processes. In cybersecurity and IT, this includes: • Defining, designing, developing, testing, and implementing systems • Validating and demonstrating chosen technologies

• Using test and production environments • Improving prototypes and building hardware • Integrating components into broader systems

Whether development is done in-house or by a third party, it is essential for the entity’s board, senior management, and business line management to understand the associated risks and support effective communication and oversight.

Internal Use Only

Development Risks Without formal development standards or proper controls, organizations are exposed to significant risks that affect confidentiality, integrity, and availability: • Malicious Corruption : Introduction of malware or sabotage during development • Unintentional Vulnerabilities : Inclusion of backdoors, open ports, or insecure defaults • Process and Code Errors : Missed logic, incorrect calculations, or omissions that result in operational issues like disruptions or delays Effective development management includes training on secure coding and design practices , especially when building or modifying systems internally.