Software Security Frameworks

•Download as PPT, PDF•

5 likes•3,235 views

Marco Morana

Technology Business

Building Security Into The Software Life Cycle A Business Case Marco M. Morana Senior Consultant Foundstone Professional Services a Division of McAfee Email: [email_address]

Outline ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Glossary ,[object Object],[object Object],[object Object],[object Object]

How we approach risk? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What are the costs? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

When we do address the problem? ,[object Object]

When is more cost effective to build security in? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Software Risk Management and Secure Software Development Life Cycles (S-SDLC)

How do we get there? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Security-Enhancing Lifecycle Process Models

Security Enhancing Process Models ,[object Object]

Business Risks, Technical Risks and Strategies ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

In Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Thank you for listening! Foundstone Links ,[object Object],[object Object],[object Object],[object Object]

What's hot

CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...Edureka!

Secure software designAshis Kumar Chanda

Cyber Security Best PracticesEvolve IP

Security Awareness Training by FortinetAtlantic Training, LLC.

Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo

Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | EdurekaEdureka!

NIST cybersecurity frameworkShriya Rai

Security Operations Center (SOC) Essentials for the SMEAlienVault

03 ciaJadavsejal

Security Policies and Standardsprimeteacher32

Enterprise Security Architecture for Cyber SecurityThe Open Group SA

NIST CyberSecurity Framework: An OverviewTandhy Simanjuntak

Web Application Security TestingMarco Morana

Cyber Security 101: Training, awareness, strategies for small to medium sized...Stephen Cobb

Beginner's Guide to SIEM AlienVault

Intro to Security in SDLCTjylen Veselyj

Information security management systemArani Srinivasan

IBM Security QRadarVirginia Fernandez

Information Security and the SDLCBDPA Charlotte - Information Technology Thought Leaders

Cyber security awarenessJason Murray

What's hot (20)

CyberSecurity Certifications | CyberSecurity Career | CyberSecurity Certifica...

Secure software design

Cyber Security Best Practices

Security Awareness Training by Fortinet

Domain 6 - Security Assessment and Testing

Top 10 Reasons to Learn Cybersecurity | Why Cybersecurity is Important | Edureka

NIST cybersecurity framework

Security Operations Center (SOC) Essentials for the SME

03 cia

Security Policies and Standards

Enterprise Security Architecture for Cyber Security

NIST CyberSecurity Framework: An Overview

Web Application Security Testing

Cyber Security 101: Training, awareness, strategies for small to medium sized...

Beginner's Guide to SIEM

Intro to Security in SDLC

Information security management system

IBM Security QRadar

Information Security and the SDLC

Cyber security awareness

Viewers also liked

Software Security EngineeringMarco Morana

Software Security Assurance - Program Building (You're going to need a bigger...Rafal Los

Build Security into the Software with SparrowJason Sohn

Ten Security Product Categories You've Probably Never Heard OfAdrian Sanabria

«Product Security Incident Response Team (PSIRT) - Изнутри Cisco PSIRT», Алек...Mail.ru Group

Security Certification - Critical ReviewISA Interchange

NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...North Texas Chapter of the ISSA

[Webinar] Building a Product Security Incident Response Team: Learnings from ...bugcrowd

Touchpoints and securityMohan Datar

Running a Software Security Program with Open Source ToolsDenim Group

Software Quality Assurance: A mind game between you and devilNascenia IT

Cisa Certification OverviewAl Imran, CISA

Software SecurityRoman Oliynykov

Software securityRoman Oliynykov

Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015Minded Security

Security Maturity Models.Priyanka Aash

Evolution Of IPRLalit Ambastha

DTS Solution - Building a SOC (Security Operations Center)Shah Sheikh

COBIT 5 as an IT Management Best Practices Framework - by Goh Boon NamNUS-ISS

Ipr, Intellectual Property RightsVikram Dahiya

Viewers also liked (20)

Software Security Engineering

Software Security Assurance - Program Building (You're going to need a bigger...

Build Security into the Software with Sparrow

Ten Security Product Categories You've Probably Never Heard Of

«Product Security Incident Response Team (PSIRT) - Изнутри Cisco PSIRT», Алек...

Security Certification - Critical Review

NTXISSACSC2 - Four Deadly Traps in Using Information Security Frameworks by D...

[Webinar] Building a Product Security Incident Response Team: Learnings from ...

Touchpoints and security

Running a Software Security Program with Open Source Tools

Software Quality Assurance: A mind game between you and devil

Cisa Certification Overview

Software Security

Software security

Matteo Meucci Software Security in practice - Aiea torino - 30-10-2015

Security Maturity Models.

Evolution Of IPR

DTS Solution - Building a SOC (Security Operations Center)

COBIT 5 as an IT Management Best Practices Framework - by Goh Boon Nam

Ipr, Intellectual Property Rights

Similar to Software Security Frameworks

Software Security InitiativesMarco Morana

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos

Application Security Maturity ModelSecurity Innovation

Realizing Software Security Maturity: The Growing Pains and GainsPriyanka Aash

Secure Software Development Life CycleMaurice Dawson

Introduction to the Microsoft Security Development Lifecycle (SDL).ppsxMardhaniAR

Software Security in the Real WorldMark Curphey

Business cases for software securityMarco Morana

Application Threat Modeling In Risk ManagementMel Drews

A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020Brian Levine

Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...CSCJournals

Application Security Done Rightpvanwoud

iDEAFest Enteprise InfoSec Program Lessons LearnedMichael King

Application Threat ModelingMarco Morana

Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...robbiesamuel

Assessing and Measuring Security in Custom SAP Applicationssebastianschinzel

Software Security Testingankitmehta21

What is Enterprise Security Architecture (ESA)?John Gardner, CMC

Applicaiton Security - Building The Audit ProgramMichael Davis

BSAMMBOChristian Heinrich

Similar to Software Security Frameworks (20)

Software Security Initiatives

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)

Application Security Maturity Model

Realizing Software Security Maturity: The Growing Pains and Gains

Secure Software Development Life Cycle

Introduction to the Microsoft Security Development Lifecycle (SDL).ppsx

Software Security in the Real World

Business cases for software security

Application Threat Modeling In Risk Management

A Warrior's Journey: Building a Global AppSec Program - OWASP Global AppSec 2020

Software Reliability and Quality Assurance Challenges in Cyber Physical Syste...

Application Security Done Right

iDEAFest Enteprise InfoSec Program Lessons Learned

Application Threat Modeling

Boardroom to War Room: Practical Application of the NIST Cybersecurity Frame...

Assessing and Measuring Security in Custom SAP Applications

Software Security Testing

What is Enterprise Security Architecture (ESA)?

Applicaiton Security - Building The Audit Program

BSAMMBO

Recently uploaded

Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi

My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer

"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays

DevEX - reference for building teams, processes, and platformsSergiu Bodiu

Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson

Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software

Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays

Story boards and shot lists for my a level piececharlottematthew16

SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero

Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University

What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett

Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz

Gen AI in Business - Global Trends Report 2024.pdfAddepto

Training state-of-the-art general text embeddingZilliz

Install Stable Diffusion in windows machinePadma Pradeep

Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm

"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays

Artificial intelligence in cctv survelliance.pptxhariprasad279825

Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed

Recently uploaded (20)

Vertex AI Gemini Prompt Engineering Tips

My INSURER PTE LTD - Insurtech Innovation Award 2024

"Federated learning: out of reach no matter how close",Oleksandr Lapshyn

DevEX - reference for building teams, processes, and platforms

Are Multi-Cloud and Serverless Good or Bad?

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation

Unraveling Multimodality with Large Language Models.pdf

"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack

Story boards and shot lists for my a level piece

SIP trunking in Janus @ Kamailio World 2024

Nell’iperspazio con Rocket: il Framework Web di Rust!

What's New in Teams Calling, Meetings and Devices March 2024

Vector Databases 101 - An introduction to the world of Vector Databases

Gen AI in Business - Global Trends Report 2024.pdf

Training state-of-the-art general text embedding

Install Stable Diffusion in windows machine

Streamlining Python Development: A Guide to a Modern Project Setup

"Debugging python applications inside k8s environment", Andrii Soldatenko

Artificial intelligence in cctv survelliance.pptx

Scanning the Internet for External Cloud Exposures via SSL Certs