The key goal from these programs is to instill


✦ st of approved development frameworks;
✦ Enhance the existing threat modeling process used within VirtualWare;
✦ Adopt an incident response plan and prepare a security disclosure process;
✦ Introduce Change Management procedures and formal guidelines for all projects.

To coincide with the introduction of automated tools for developers (from the previous phase), formal technical guidance on secure coding techniques was introduced into the organization. These were specific technical documents relating to languages and technology and provided guidance on secure coding techniques in each relevant language/application.

With a combined approach from the education and awareness programs, technical guidance and then the introduction of automation tools to help the developers, VirtualWare started to see a visible difference in the code being delivered into production versions of their applications. Developers provided positive feedback on the tools and education made available to them under the program.

For the first time at VirtualWare, project teams became responsible for the security and design of their application platforms. During this phase a formal review process and validation against best practices were performed by each team. Some teams identified gaps relating to both security and business design that needed to be reviewed. A formal plan was put in place to ensure these gaps were addressed.

A formal incident response plan and change management procedures were introduced during this phase of the project. This was a difficult process to implement, and VirtualWare teams initially struggled with it, as the impact on culture and the operational side of the business was significant. However, over time each team member identified the value in the new process, and the changes were accepted by the team over the implementation period.
Implementation Costs

A significant amount of internal resources and costs were invested in this phase of the project. There were two different types of costs associated with this phase.

Internal Resource Requirements

Internal resource effort used in the creation of content, workshops and review of application security initiatives within this phase. Effort is shown in total days per role.

Developer: 5 days
Architect: 7 days
Manager: 9 days
Business Owner: 6 days
Security Auditor: 10 days
Support Operations: 3 days

Outsourced Resources

Due to the lack of knowledge within VirtualWare, external resources were used to assist with the creation of content, to create and deliver the processes and guidelines, and to assist teams.

Consultant (Security): 20 days

SAMM / Case Studies - v1.0

To achieve these maturity levels VirtualWare implemented a number of programs during this phase of the roll-out. The following initiatives were adopted;

Phase 4 (Months 9 – 12) – Governance & Operational Security

VirtualWare - Phase 4

The fourth phase of the assurance program implementation within VirtualWare continues on from the previous phases, by enhancing exist...