Information Security Management Framework for Web Applications Development

Information is an influential variable in corporate environment, potentially rich and fundamental for strategic planning. Therefore, it should not be exposed to risks of improper access and unauthorised changes. Among the information technologies that manipulate and exchange information, Web technologies represent a paradigm of software development increasingly used, which make use of the internet as a means of communication for informations exchange. The Internet is, admittedly, an inhospitable and unmanaged environment. However, in addition to issues of internet-related insecurity issues, the neglect or malpractice of system analysts and programmers can be decisive for delivering software products that do not properly exploit the use of information security mechanisms, making attacks on information succeed. This article aims to propose an information security management framework in order to support professionals and companies that develop Web applications for them to adopt, institutionalize and train in good practices on the use of encryption, digital signature, digital certificate and access control. The adoption of this proposed framework is expected to contribute for Web applications to get higher levels of information protection.