Protect customers with more secure software. Reduce the number of vulnerabilities. Reduce the severity of vulnerabilities. Address compliance requirements.
Presentation transcript:

- Protect customers with more secure software
- Reduce the number of vulnerabilities
- Reduce the severity of vulnerabilities
- Address compliance requirements
- Proactive, forward-thinking
- Eliminate redundancies, coordinate processes
- Improve productivity
- Reduce cost
- NIST estimates that code fixes performed after release can result in 30 times the cost of fixes performed during the design phase
- Additional costs may include a significant loss of user productivity and confidence

An ounce of prevention is worth a pound of cure.

- Secure by design
  - Secure architecture, design, and structure
  - Threat modeling and mitigation
  - Elimination of vulnerabilities
  - Improvements in security
- Secure by default
  - Least privilege
  - Defense in depth
  - Conservative default settings
  - Avoidance of risky default changes
  - Less commonly used services off by default
- Secure in deployment
  - Deployment guides
  - Analysis and management tools
  - Patch deployment tools

- Security training
- Secure design
- Threat modeling
- Secure coding
- Security testing
- Privacy
- Response
- Execute response plan

SDL phases: Training, Requirements, Design, Implementation, Verification, Release, Response.

- Requirements
  - Security requirements
  - Quality gates and bug bars
  - Security and privacy risk assessment
- Design
  - Design requirements
  - Attack surface reduction
  - Threat modeling

- Implementation
  - Use approved tools
  - Deprecate unsafe functions
  - Static analysis
- Verification
  - Dynamic program analysis
  - Fuzz testing
  - Threat modeling
- Release
  - Incident response plan
  - Final security review
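As an added example (not part of the presentation), a small Python check that ties the Requirements slide's quality gates and bug bars to the Implementation slide's "deprecate unsafe functions" and "static analysis" items: it scans C source for calls to a banned list and fails the gate when findings exceed the bug bar. The banned list and the sample source are constructed for illustration, not taken from the SDL's own banned-API policy.

```python
import re
from typing import NamedTuple

# Banned function -> safer replacement (assumed list for illustration, not the SDL's own).
BANNED_FUNCTIONS = {
    "strcpy": "strncpy/strlcpy with an explicit destination size",
    "strcat": "strncat/strlcat",
    "sprintf": "snprintf",
    "gets": "fgets",
}

class Finding(NamedTuple):
    line: int          # 1-based line number in the scanned source
    function: str      # banned function that was called
    replacement: str   # suggested replacement from BANNED_FUNCTIONS

# Match a call to a banned name; \b keeps fgets/strncpy/snprintf from matching.
_CALL_RE = re.compile(r"\b(" + "|".join(map(re.escape, BANNED_FUNCTIONS)) + r")\s*\(")

def scan_source(source: str) -> list[Finding]:
    """Return one Finding per banned call, ignoring '//' line comments."""
    findings = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        code = text.split("//", 1)[0]
        for match in _CALL_RE.finditer(code):
            name = match.group(1)
            findings.append(Finding(lineno, name, BANNED_FUNCTIONS[name]))
    return findings

def passes_quality_gate(source: str, bug_bar: int = 0) -> bool:
    """Quality gate: the build passes only if findings stay within the bug bar."""
    return len(scan_source(source)) <= bug_bar

# Constructed sample translation unit: two real banned calls, one only in a comment.
SAMPLE_SOURCE = """\
#include <stdio.h>
#include <string.h>
void greet(const char *name) {
    char buf[32];
    strcpy(buf, name);                 // banned: no bounds check
    sprintf(buf, "hi %s", name);       // banned: unbounded format
    // strcat(buf, "!") appears only in this comment
    fgets(buf, sizeof buf, stdin);     // approved replacement for gets
}
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line}: {f.function}() is banned; use {f.replacement}")
    print("gate passed" if passes_quality_gate(SAMPLE_SOURCE) else "gate FAILED")
```

Run as a pre-commit or build step, a non-zero bug bar lets a team ratchet down legacy findings over time while blocking any new ones.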

- Release (optional)
  - Manual code review
  - Penetration testing
  - Vulnerability analysis