Secure Web Applications – It Starts at the Top
A Holistic Approach
Security Best Practices
The Big Picture Challenge
An entity’s security program is intrinsic to the availability of its systems, the accuracy of its information, and its reputation.
The security program is complex, intertwining people, processes and technology into a set of complementary controls.
The security program requires validation for ROI, efficacy of controls and alignment to the business objectives and risk tolerances.
The security controls must be bound to the rest of the systems and yield their own metrics and information (the “system within the system”).
Where Does Application Security Fit?
How Does Application Security Fit into IT GRC?
Key data points must be collected from live sources.
Data modeling and system flow modeling must be done on this complex system.
Start by establishing the most valuable questions that could ideally be answered:
What if funding levels were changed?
What if development was partially done by a partner?
What if business valuation changed on an asset?
What if a totally new threat was introduced?