Internal resource requirements internal resource


curity vulnerabilities through their support@virtualware.net address. However, as this was a general support address, existing requests were not always filtered down to the appropriate teams within the organization and handled correctly. The need to implement a formal security vulnerability response program was also identified by VirtualWare.

Implementation Strategy

The adoption of a security assurance program within an organization is a long-term strategy, and significantly impacts the culture of developers and the process taken by the business to develop and deliver business applications. The adoption of this strategy is set over a 12-month period, and due to the size of the organization will be relatively easy to implement in that period.

[Figure: Strategy & Metrics, Policy & Compliance, Education & Guidance, Threat Assessment, Security Requirements, Secure Architecture, Design Review, Code Review, Security Testing, Vulnerability Management, Environment Hardening, Operational Enablement]

SAMM / Case Studies - v1.0

Key Challenges

Phase 1 (Months 0 – 3) – Awareness & Planning

[Figure: VirtualWare - Phase 1]

VirtualWare previously identified that they had limited knowledge and awareness of application security threats to their organization and limited secure coding experience. The first phase of the deployment within VirtualWare focused on training developers and implementing guidance and programs to identify current security vulnerabilities.

Development teams within VirtualWare had limited experience in secure coding techniques; therefore, an initial training program was developed that can be provided to the developers within the organization on defensive programming techniques.

With over 300 developers and multiple languages supported within the organization, one of the key challenges for VirtualWare was to provide an education program that was technical enough to teach developers some of the basics of secure coding concepts. The focus of this initial education course was primarily on coding techniques and testing tools. The course developed and delivered within the organization lasted for 1 day and covered the basics of secure coding.

VirtualWare was aware that they had a number of applications with vulnerabilities and no real strategy with which to identify existing vulnerabilities and address the risks in a reasonable time-frame. A basic risk assessment methodology was adopted and the organization undertook a review of the existing application platforms.

This phase also included implementing a number of concepts for the development team to enhance their security tools. The development teams already had a number of tools available to perform quality type assessments. Additional investigation into code review and security testing tools was performed.

Target Objectives

During this phase of the project, VirtualWare implemented the following SAMM Practices & Activities.

SM 1, EG 1, SR 1, CR 1, ST 1, VM 1

A. Estimate overall business risk profile
B. Build and maintain assurance pr...