security spend within projects
and determine if appropriate budget has been
allocated to each project for security;
✦ Implement the final education and awareness
programs for application roles;
✦ Complete a long-term application security
strategy roadmap for the organization.
In previous phases, VirtualWare had released a formal incident response plan for customers to submit vulnerabilities found in their
code. During this phase, VirtualWare took the submitted vulnerabilities, assessed why and how each problem
occurred, and produced a series of reports to determine
whether any common themes ran through the reported vulnerabilities.
As part of the ongoing effort to ensure applications are deployed
securely, both internally and on customer networks, VirtualWare
created a series of white papers, based on industry standards for
recommended environment hardening, and provided them to customers. The
purpose of these guidelines is to assist customers
with the best approach to deploying their applications.

Implementation Costs
A significant amount of internal resources and costs were invested
in this phase of the project. There were two different types of costs
associated with this phase.

Internal Resource Requirements
Internal resource effort was used in the creation of content, workshops
and review of application security initiatives within this phase. Effort
is shown in total days per role.

Developer           4 days
Architect           7 days
Manager             9 days
Business Owner      6 days
QA Tester           1 day
Security Auditor    11 days

Outsourced Resources
Due to the lack of knowledge within VirtualWare, external resources were used to assist with the implementation of this phase, including documentation, processes and workshops.
(Security) 22 days

One of the final functions implemented within VirtualWare was to
complete an “AS IS” gap assessment and review, and determine how
effective the past 12 months had been. During this short program,
questionnaires were sent to all team members involved, and a
baseline review against SAMM was carried out. The weaknesses and strengths identified during this review were documented in the final strategic
roadmap for the organization, and the strategy for the next twelve months
was set for VirtualWare.

SAMM / Case Studies - v1.0

During this phase, VirtualWare implemented a short computer-based
training module so that existing and new developers could
maintain their skills in application security. It was also mandated
This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.