Virtualware management understood that the


ng Resource Requirements (Training per person for period)

Each developer within VirtualWare was required to attend a training course, and therefore every developer had a single day allocated to the application security program.

Developer (per person): 1 day

Outsourced Resources

Due to the lack of knowledge within VirtualWare, external resources were used to assist with the creation of content and to create and deliver the training program to the developers.

Consultant (Security): 15 days
Consultant (Training): 22 days

SAMM / Case Studies - v1.0

To achieve these maturity levels, VirtualWare implemented a number of programs during this phase of the roll-out. The following initiatives were adopted:

Phase 2 (Months 3 – 6) – Education & Testing

VirtualWare - Phase 2

VirtualWare identified in phase 1 that a number of their applications contained vulnerabilities that may be exploited by external threats. Therefore, one of the key objectives of this phase was to implement basic testing and review capabilities to identify the vulnerabilities and address them in the code.

The introduction of automated tools to assist with code coverage and finding weaknesses was identified as one of the biggest challenges in this phase of the implementation. Traditionally, developers have used automated tools with great difficulty, and therefore implementing new tools was seen as a significant challenge.

To ensure a successful rollout of the automation tools within the organization, VirtualWare proceeded with a staged roll-out. The tools would be given to senior team leaders first, with other developers coming online over a period of time. Teams were encouraged to adopt the tools; however, no formal process was put in place for their use.

This phase of the implementation also saw the introduction of a more formal education and awareness program. Developers from the previous training requested more specific training in the areas of web services and data validation. The new 6-hour specific training course was developed with these two focus areas. VirtualWare also implemented additional training programs for Architects and Managers, and adopted an awareness campaign within the organization.

Target Objectives

During this phase of the project, VirtualWare implemented the following SAMM Practices & Activities.

SM 2
A. Classify data and applications based on business risk
B. Establish and measure per-classification security goals

EG 2
A. Conduct role-specific application security training
B. Utilize security coaches to enhance project teams

TA 1
A. Build and maintain application-specific threat models
B. Develop attacker profile from software architecture

DR 1
A. Identify software attack surface
B. Analyze design against known security requirements

CR 2
A. Utilize automated code analysis tools
B. Integrate code analysis into development process

ST 2
A. Utilize automated security testing tools
B. Integrate security testing into development process

OE 1
A. Capture critical security information for deployment
B. Document procedures for...

This homework help was uploaded on 03/31/2014 for the course GEN ED IS taught by Professor 3445 during the Spring '14 term at ITT Tech Flint.
