Developer architect manager 4 days business owner 7 qa


ing security functions within the organization. By now VirtualWare has implemented a number of critical application security processes and mechanisms to ensure that applications are developed and maintained securely.

A core focus in this phase is bolstering the Alignment & Governance Discipline. These three functions play a critical role in the foundation of an effective long term application security strategy. A completed education program is implemented, whilst at the same time a long term strategic roadmap is put in place for VirtualWare.

The other key focus within this phase is on the operational side of the implementation. VirtualWare management identified previously that the need for incident response plans and dedicated change management processes are critical to the long term strategy.

VirtualWare saw this phase as the stepping stones to their long term future. This phase saw the organization implement a number of final measures to cement the existing building blocks that have been laid down in the previous phases. In the long term this will ensure that the processes, concepts and controls put in place will continue to work within the organization to ensure the most secure outcome for their application platforms.

VirtualWare chose this phase to introduce their customers to their new application security initiatives, provide details of a series of programs to VirtualWare customers about application security, deploying applications securely and reporting of vulnerabilities in VirtualWare applications. The key goal from these programs is to instill confidence in their customer base that VirtualWare applications are built with security in mind, and VirtualWare can assist customers in ensuring their application environments using their technology are secure.

Target Objectives

During this phase of the project, VirtualWare implemented the following SAMM Practices & Activities.

SM 3
  A. Conduct periodic industry-wide cost comparisons
  B. Collect metrics for historic security spend
PC 2
  A. Build policies and standards for security and compliance
  B. Establish project audit practice
EG 3
  A. Create formal application security support portal
  B. Establish role-based examination/certification
SR 3
  A. Build security requirements into supplier agreements
  B. Expand audit program for security requirements
CR 3
  A. Customize code analysis for application-specific concerns
  B. Establish release gates for code review
VM 3
  A. Conduct root cause analysis for incidents
  B. Collect per-incident metrics
OE 3
  A. Expand audit program for operational information
  B. Perform code signing for application components

SAMM / Case Studies - v1.0

To achieve these maturity levels VirtualWare implemented a number of programs during this phase of the roll-out. The following initiatives were adopted:

✦ Create well defined security requirements and testing program for all projects;
✦ Create and implement an incident response plan;
✦ Review existing alerts procedure for applications and document a process for capturing events;
✦ Create a customer security white-paper on deploying applications securely;
✦ Review existing...

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
