To ensure a successful rollout of the automation

ogram roadmap

A. Conduct technical security awareness training
B. Build and maintain technical guidelines

A. Derive security requirements from business functionality
B. Evaluate security and compliance guidance for requirements

A. Create review checklists from known security requirements
B. Perform point-review of high-risk code

A. Derive test cases from known security requirements
B. Conduct penetration testing on software releases

A. Identify point of contact for security issues
B. Create informal security response team(s)

✦ 1 Day Secure Coding Course (High-level) for all developers;
✦ Build a technical guidance whitepaper for application security on technologies used within the organization;
✦ Create a risk process and perform high-level business risk assessments for the application platforms and review business risk;
✦ Prepare initial technical guidelines and standards for developers;
✦ Perform short code reviews on application platforms that present significant risk to the organization;
✦ Develop test and use cases for projects and evaluate the cases against the applications;
✦ Appointed a role to application security initiatives;
✦ Generated a Draft strategic roadmap for the next phase of the assurance program.

Implementation Costs

A significant amount of internal resources and costs were invested in this phase of the project. There were three different types of costs associated with this phase.

Internal Resource Requirements

Internal resource effort used in the creation of content, workshops and review of application security initiatives within this phase. Effort is shown in total days per role.

Due to the limited amount of expertise in-house within VirtualWare, the company engaged a third-party security consulting group to assist with the creation of the training program and with writing the threat modeling and strategic roadmap for the organization.

One of the key challenges faced during this phase was to get all 300 developers through a one-day training course. To achieve this, VirtualWare ran 20 course days, with only a small number of developers from each team attending the course at one time. This reduced the overall impact on staff resources during the training period. During this phase of the project, VirtualWare invested significant resource effort into the adoption of a risk review process and into reviewing the business risk to the organization. Although considerable effort was focused on these tasks, they were critical to ensuring that the next steps implemented by VirtualWare were in line with the business risks faced by the organization. VirtualWare management received positive feedback from most developers within the organization on the training program. Although not detailed, developers felt that the initial training provided some basic skills that could assist them immediately, day to day, in writing secure code.

(Effort-per-role table; cells were extracted out of order, so the role-to-value mapping is not recoverable. Roles: Developer, Architect, Manager, Business Owner, QA Tester, Security Auditor. Values as extracted: 14 days, 10 days, 8 days, 8 days, 3 days, 9 days.)

Traini...

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
