january 2008. bugsec products challenges data security aspects become a critical elements in modern...

Post on 31-Mar-2015


January 2008

BugSec Products

Challenges

Data security has become a critical element in modern companies' proceedings.

Many organizations are required to comply with information security standards, such as PCI, BASEL II, HIPAA, SOX and more

Because of these regulations and threats, implementing new software or a new system becomes very “painful” and takes a long time

The Present Situation

Security problems may cause unnecessary costs and schedule delays

Systems must undergo penetration tests before production

At the final stage, the development of each solution necessitates the investment of extensive resources

Conclusion: The implementation of security measures during the development process saves time and money

Fact

NIST (National Institute of Standards and Technology):

“…the cost of fixing defects after deployment is almost fifteen times greater than detecting and eliminating them during development”

Sec2Pro Functions

Increases awareness of the importance of information security

Implements security best practices into development processes

Automates procedures, ensures their assimilation by programmers, keeps track of their implementation in practice

Receives feedback from programmers regarding adherence to guidelines

Produces control reports for management

Sec2Pro Functions (cont.)

Significantly reduces penetration testing times

Verifies compliance with required standards and regulations

Provides programmers with ongoing updates regarding threats and newly issued regulatory requirements

Sec2Pro

Integrated hardware (appliance) / software system

Straightforward assimilation and operation

“Translation” of regulations and standards into specific instructions

Broad knowledge base for all development environments and infrastructure

Intuitive, efficient and accessible knowledge base

Ongoing updates regarding technological issues and regulatory requirements

Online communication among all project components through one system

Sec2Pro

Sec2Code includes 2 configurations:

Notifier – tracks code writing and refers the programmer to relevant information in the knowledge base

Project Checklist – manages security aspects during programming

Sec2Net: procedures and a checklist for hardening IT infrastructures

Opening a New Project

Opening a new project includes the participants, software languages and regulations

Interrogation & Input Data

The system generates a checklist according to the project definitions

Programmer Support

The system provides the programmer with detailed explanations, including suggestions on how to resolve a variety of problems – from fundamental issues to examples of relevant code

Reporting Tools

The system provides managers with on-line progress reports

Sec2Code Notifier

Subtle pop-up notification appears when an object requires attention

A hyperlink directs to the relevant page in the knowledge base

The application is transparent to the user

System Benefits

Unique “open architecture” module

Ability to add checklists of any kind

Organizations can independently construct tailored development environments meeting their specific needs

Shorter penetration testing times

Ability to set earlier project launch dates

Reduced dependency on external consulting services

Thank You

For more details, contact us:

11 Moshe Levi St., Rishon le Zion 75070, Israel

Tel: +972-3-9622655 | Fax: +972-3-9511433 | E-mail: info@bugsec.com

Visit us at our website: www.bugsec.com
