As the cost of a data breach continues to rise each year, CISO's and other executives are facing the difficult challenge of establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Unfortunately, many organizations have a software development lifecycle (SDLC) that lacks rigor and discipline, leaving them vulnerable for an attack along with the potential loss of revenue, customer impact, and tarnished brand integrity. Experts agree that building security into the SDLC with proper policies, skills, activities, and controls will enhance Application Security significantly. This paper outlines how CISO's and executive level management can plan for and implement an effective Application Security program.
Highlights include:
- Planning for Application Security: Consider goals for each phase of the SDLC, including requirements, design, coding, testing, and deployment.
- Optimizing your Secure SDLC: Integrating the right tools, activities and skills will reduce vulnerabilities and facilitate compliance.
- Implementing an Application Security Training Program: Learn how to effectively train employees, set up policies and standards, and test applications for vulnerabilities.
- A CISO's perspective: Get tips from John J. Masserini, CISO of Miax Options, on deploying a successful application security program within your organization.