An effective process has been put in place where

security spend within projects and determine if appropriate budget has been allocated to each project for security;
✦ Implement the final education and awareness programs for application roles;
✦ Complete a long-term application security strategy roadmap for the organization.

In previous phases VirtualWare had released a formal incident response plan for customers to submit vulnerabilities found with their code. During this phase, VirtualWare took the results of the submitted vulnerabilities, assessed why and how each problem occurred, and ran a series of reports to identify any common themes among the reported vulnerabilities.

As a part of the ongoing effort to ensure applications are deployed securely internally as well as on customer networks, VirtualWare created a series of white papers, provided to customers, based on industry standards for recommended environment hardening. The purpose of these guidelines is to help customers choose the best approach to deploying their applications.

Implementation Costs

A significant amount of internal resources and costs were invested in this phase of the project. There were two different types of costs associated with this phase.

Internal Resource Requirements

Internal resource effort used in the creation of content, workshops and review of application security initiatives within this phase. Effort is shown in total days per role.

Developer Architect Manager 4 days Business Owner 7 QA Tester days 9 days Security Auditor 6 days 1 day 11 days

Outsourced Resources

Due to the lack of knowledge within VirtualWare, external resources were used to assist with the implementation of this phase, including documentation, processes and workshops.

Consultant (Security) 22 days

One of the final functions implemented within VirtualWare was to complete an “AS IS” gap assessment and review, and determine how effective the past 12 months had been. During this short program, questionnaires were sent to all team members involved, and a baseline review against SAMM was carried out. The weaknesses and strengths identified during this review were documented in the final strategic roadmap for the organization, and the strategy for the next twelve months was set for VirtualWare.

SAMM / Case Studies - v1.0

During this phase, VirtualWare implemented a short computer-based training module so that existing and new developers could maintain their skills in application security. It was also mandated that...