© Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Software Security Assurance
Managing risk in the face of digital transformation
IT-oLogy Trends 2015 –Columbia, SC
Bruce C Jenkins
CISM, CISSP, CSSLP
Fortify Security Lead
AppSec Program Strategist
Hewlett-Packard Company
Current
• Fortify product and information security
• HP-internal application security program strategy
• Customer-facing appsec workshops and strategy
Former
• Fortify Pro Services, 2007-2011
• US Air Force, 1979-2007
About me
• 2005: US Air Force personnel system breached;
33K records exfiltrated
• 2006: VA employee’s personal external drive stolen;
26M VA records at risk
• 2007-2011: ???
• 2012: Thrift Savings Plan contractor’s system attacked;
123K SSNs stolen
• 2013: Target POS system compromised;
up to 70M customers impacted
• 2014: University of Maryland, 309K records;
Home Depot, e-mail, cr cds
• 2015: Several… + Office of Personnel Management, 18M records
About my motivation for developing secure systems…
Let’s talk about risk management…
What is “Security”?
What is “Security”?
Definitions
from The American Heritage® Dictionary of the English Language, 4th Edition
n. Freedom from risk or danger; safety.
n. Freedom from doubt, anxiety, or fear; confidence.
n. Something that gives or assures safety
Security Issue?
“Security is never black and white, and
context matters more than technology”
– Bruce Schneier
Secrets & Lies: Digital Security
in a Networked World
Security Issue?
So… Security Issue?
So… Security Issue?
As you go about the business of developing and enhancing systems
in support of today’s digital transformation, it’s important to keep
findings in perspective. Pay attention to the weeds—you may need
to eliminate them—but don’t get lost in them.
Maybe
Agenda
Why Software Security is Hard
Creating a Foundation
Building Security In
Lessons Learned
Why Software Security is Hard
Current solutions protect the perimeter
Yet, 84% of breaches occur in the application software
The number of apps is growing
IN-HOUSE DEVELOPMENT, LEGACY SOFTWARE, OPEN SOURCE, OUTSOURCED, COMMERCIAL
PRODUCTION
Increasing platforms and complexity …many delivery models
“I just want to be a coder; I’m really not
interested in security.”
– Security Consultant Candidate
Developers are NOT trained to be security experts
Attacks have a proven life cycle
Research
Research potential
targets
Monetization
Data sold
on black market
Infiltration
Phishing attack and
malware
Discovery
Mapping breached
environment
Capture
Obtain data
Exfiltration
Exfiltrate/destroy
stolen data
Attack life cycle risk mitigation
Research
Research Potential
Targets
Monetization
Data sold
on black market
Infiltration
Phishing Attack and
Malware
Discovery
Mapping Breached
Environment
Capture
Obtain data
Exfiltration
Exfiltrate/destroy
Stolen data
Threat intelligence
• Security Research
Block adversary
• Network
• Software
Detect adversary
• SIEM
• UBA
Protect data
• At rest
• In motion
Mitigate damage
• Breach Response
Median time to detect breach: 205 days
Source: Mandiant M-Trends 2015 Threat Report
Conflicting views over the priority of security
1 Source: Osterman Research White Paper, Jan 2015
Top challenges in achieving software security goals*
Source: Gatepoint Research Pulse Report, Oct 2014
n = 300 executives
*Read as: software security assurance (SSA) program goals
“It is necessary that people work together
in unison toward common objectives and
avoid working at cross purposes at all
levels if the ultimate in efficiency and
achievement is to be obtained.”
Dave Packard
Co-founder, Hewlett-Packard
Creating a Foundation
Obtain stakeholder alignment with a common vision
Creating a Foundation
• Establish security-related goals that
are directly tied to the firm’s mission
Mission
Goals
Objectives
Strategy
m m m KPI
Policy
Standards
Training
Example: Hewlett-Packard Co
Creating a Foundation
Profit
Customer Loyalty
Growth
Market Leadership
Commitment to
Employees
Leadership
Capability
Global Citizenship
Hewlett-Packard
...
Goal 1
......
Goal n
HP Software
...
Goal 1
...
Goal n
Fortify
…
Security Goal 1
………
Security Goal n
Security Group
Goal 1
.........
Ent. Security
...
Goal n
See HP’s Corporate Objectives at http://www8.hp.com/us/en/hp-information/about-hp/corporate-objectives.html
Example: Hewlett-Packard Co
Creating a Foundation
Profit
Customer Loyalty
Growth
Market Leadership
Commitment to
Employees
Leadership
Capability
Global Citizenship
Hewlett-Packard
...
Goal 1
......
Goal n
HP Software
Goal 1
.........
Ent. Security
...
Goal 1
...
Goal n
Fortify
…
Security Goal 1
………
Security Goal n
Security Group
...
Goal n
See HP’s Corporate Objectives at http://www8.hp.com/us/en/hp-information/about-hp/corporate-objectives.html
Example: Hewlett-Packard Co
Creating a Foundation
Profit
Customer Loyalty
Growth
Market Leadership
Commitment to
Employees
Leadership
Capability
Global Citizenship
Hewlett-Packard
...
Goal 1
......
Goal n
HP Software
Goal 1
.........
Ent. Security
...
Goal 1
...
Goal n
Fortify
…
Security Goal 1
………
Security Group
...
Goal n Security Goal n
See HP’s Corporate Objectives at http://www8.hp.com/us/en/hp-information/about-hp/corporate-objectives.html
Example: Private Sector Financial
Creating a Foundation
Corp Mission Statement
Goal 1
Goal 2
Goal 3
Protect our customers’ data
Goal n
Example: Private Sector Financial
Creating a Foundation
Corp Mission Statement
Goal 1
Goal 2
Goal 3
Protect our customers’ data
Goal n
Corp Security Group
Security Goal 1
Security Goal 2
Security Goal 3
Security Goal n
Example: Private Sector Financial
Creating a Foundation
Corp Mission Statement
Goal 1
Goal 2
Goal 3
Protect our customers’ data
Goal n
Corp Security Group
Security Goal 1
Security Goal 2
Security Goal 3
Security Goal n
Proactively identify
and mitigate risk in
all Mission Critical
applications
Building Security In
Consider using a software security framework (SSF) as a guide
Building Security In
• Establish security-related goals that
are directly tied to the firm’s mission
• Develop a security strategy that is designed to
support achievement of the security goal(s)
Mission
Goals
Objectives
Strategy
m m m KPI
Policy
Standards
Training
“There are known knowns. These are things
we know that we know. There are known
unknowns. That is to say, there are things
that we know we don't know. But there are
also unknown unknowns. There are things
we don't know we don't know.”
Donald Rumsfeld
Former US Secretary of Defence
Building Security In
Design Construct Test Deploy
Establish a security gate to understand security posture of portfolio
Security Gate
Governance
• Strategy and Metrics
• Policy and Compliance
• Education and Guidance
Construction
• Security Requirements
• Threat Assessment
• Security Architecture
Verification
• Design Review
• Implementation Review
• Security testing
Operations
• Environment Hardening
• Issue Management
• Operational Enablement
With assessment results available, the unknown is known
Building Security In
• Establish security-related goals that
are directly tied to the firm’s mission
• Develop a security strategy that is designed to
support achievement of the security goal(s)
• Based upon business priorities and portfolio risk*,
design time-constrained, measurable objectives
• Only choose metrics and construct KPIs that show
progress toward meeting the objectives; nothing else
*portfolio is known, classified and risk-ranked
Mission
Goals
Objectives
Strategy
m m m KPI
Policy
Standards
Training
Measure thoughtfully
Building Security In
• Establish security-related goals that
are directly tied to the firm’s mission
• Develop a security strategy that is designed to
support achievement of the security goal(s)
• Based upon business priorities and portfolio risk*,
design time-constrained, measurable objectives
• Only choose metrics and construct KPIs that show
progress toward meeting the objectives; nothing else
*portfolio is known, classified and risk-ranked
Mission
Goals
Objectives
Strategy
m m m KPI
Policy
Standards
Training
Building Security In: Lessons Learned
• Complex problems with complex solutions
• All organizational levels must be made aware of the risks associated with
software vulnerabilities
• No education / training == unmet expectations
Awareness, Education and Training
• Before assessment, establish policies and set expectations
• Ensure that policies and expectations are communicated to all stakeholders
• Consistently enforce policies and measure expectation achievement
Clear Communication Regarding Security
Building Security In: Lessons Learned
• Network Security / Information Assurance people are not software security people
• Development background is a necessity
• Even with a development background, extensive training and experience is needed
Software Security is a Unique Skill Set
Building Security In: Lessons Learned
• Network Security / Information Assurance people are not software security people
• Development background is a necessity
• Even with a development background, extensive training and experience is needed
• Developers should NOT be expected to be security experts
Software Security is a Unique Skill Set
Building Security In: Lessons Learned
Summary
• Work to gain and maintain executive-level support
• Develop security goals, strategy & objectives
• Train staff to comply with policy
• Use technology appropriately
• Measure, report, adjust
Managing risk in the face of digital transformation
Thank you
hp.com/go/fortifyssa
Bruce C Jenkins
bcj@hpe.com

More Related Content

Viewers also liked

โครงงานคอมพิวเตอร์
โครงงานคอมพิวเตอร์โครงงานคอมพิวเตอร์
โครงงานคอมพิวเตอร์Thanvikan Treetrairattanakul
 
โครงงานคอมพิวเตอร์ 2559
โครงงานคอมพิวเตอร์ 2559โครงงานคอมพิวเตอร์ 2559
โครงงานคอมพิวเตอร์ 2559shinishi
 
10 อันดับทะเลปอโอ
10 อันดับทะเลปอโอ10 อันดับทะเลปอโอ
10 อันดับทะเลปอโอOporfunJubJub
 
матеріали для мякої іграшки
матеріали для мякої іграшкиматеріали для мякої іграшки
матеріали для мякої іграшкиAndy Levkovich
 
Mémoire M2 PRO Teodora Virban
Mémoire M2 PRO Teodora VirbanMémoire M2 PRO Teodora Virban
Mémoire M2 PRO Teodora VirbanTeodora Virban
 
Досвід роботи соціального педагога Тараненко К. В.
Досвід роботи соціального педагога Тараненко К. В.Досвід роботи соціального педагога Тараненко К. В.
Досвід роботи соціального педагога Тараненко К. В.school-2
 
Internet marketing
Internet marketingInternet marketing
Internet marketingSAMI KHAN
 
Vertical control in straight wire technique , intrusion mechanics
Vertical control in straight wire technique , intrusion mechanics Vertical control in straight wire technique , intrusion mechanics
Vertical control in straight wire technique , intrusion mechanics Indian dental academy
 
Gender Inequality
Gender InequalityGender Inequality
Gender Inequalityr3h1na
 
PPC Audit Sample & AdWords Review from Markitors
PPC Audit Sample & AdWords Review from MarkitorsPPC Audit Sample & AdWords Review from Markitors
PPC Audit Sample & AdWords Review from MarkitorsBrett Farmiloe
 
nfcpy 0.10.0 でハマった話
nfcpy 0.10.0 でハマった話nfcpy 0.10.0 でハマった話
nfcpy 0.10.0 でハマった話Masaki Yamamoto
 

Viewers also liked (14)

โครงงานคอมพิวเตอร์
โครงงานคอมพิวเตอร์โครงงานคอมพิวเตอร์
โครงงานคอมพิวเตอร์
 
โครงงานคอมพิวเตอร์ 2559
โครงงานคอมพิวเตอร์ 2559โครงงานคอมพิวเตอร์ 2559
โครงงานคอมพิวเตอร์ 2559
 
10 อันดับทะเลปอโอ
10 อันดับทะเลปอโอ10 อันดับทะเลปอโอ
10 อันดับทะเลปอโอ
 
матеріали для мякої іграшки
матеріали для мякої іграшкиматеріали для мякої іграшки
матеріали для мякої іграшки
 
Mémoire M2 PRO Teodora Virban
Mémoire M2 PRO Teodora VirbanMémoire M2 PRO Teodora Virban
Mémoire M2 PRO Teodora Virban
 
Досвід роботи соціального педагога Тараненко К. В.
Досвід роботи соціального педагога Тараненко К. В.Досвід роботи соціального педагога Тараненко К. В.
Досвід роботи соціального педагога Тараненко К. В.
 
Internet marketing
Internet marketingInternet marketing
Internet marketing
 
Vertical control in straight wire technique , intrusion mechanics
Vertical control in straight wire technique , intrusion mechanics Vertical control in straight wire technique , intrusion mechanics
Vertical control in straight wire technique , intrusion mechanics
 
Gender Inequality
Gender InequalityGender Inequality
Gender Inequality
 
PPC Audit Sample & AdWords Review from Markitors
PPC Audit Sample & AdWords Review from MarkitorsPPC Audit Sample & AdWords Review from Markitors
PPC Audit Sample & AdWords Review from Markitors
 
ЧарIвна краса вишиванки
ЧарIвна краса вишиванкиЧарIвна краса вишиванки
ЧарIвна краса вишиванки
 
Rapport projet pfe
Rapport projet pfeRapport projet pfe
Rapport projet pfe
 
nfcpy 0.10.0 でハマった話
nfcpy 0.10.0 でハマった話nfcpy 0.10.0 でハマった話
nfcpy 0.10.0 でハマった話
 
SK8
SK8SK8
SK8
 

Similar to Software Security Assurance - Bruce Jenkins

Executive guidedatastrategy email
Executive guidedatastrategy emailExecutive guidedatastrategy email
Executive guidedatastrategy emailDATAVERSITY
 
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...Jimmy Blake
 
Big Data Goes to Work - Liberating Latent Value in a Connected World - P.Coffee
Big Data Goes to Work - Liberating Latent Value in a Connected World - P.CoffeeBig Data Goes to Work - Liberating Latent Value in a Connected World - P.Coffee
Big Data Goes to Work - Liberating Latent Value in a Connected World - P.CoffeePeter Coffee
 
3 tips to funding your security program
3 tips to funding your security program3 tips to funding your security program
3 tips to funding your security programCloudBees
 
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?CA Technologies
 
HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)Copaco Nederland
 
HP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Enterprise Italia
 
Criminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsCriminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsHP Enterprise Italia
 
Suddenly I am a Software Company
Suddenly I am a Software CompanySuddenly I am a Software Company
Suddenly I am a Software CompanyMilind Patwardhan
 
Enabling a Culture of Self-Service Analytics
Enabling a Culture of Self-Service AnalyticsEnabling a Culture of Self-Service Analytics
Enabling a Culture of Self-Service AnalyticsPrecisely
 
When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...
When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...
When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...CA Technologies
 
Incorporating cloud computing for enhanced communication v2
Incorporating cloud computing for enhanced communication v2Incorporating cloud computing for enhanced communication v2
Incorporating cloud computing for enhanced communication v2Christian Verstraete
 
Breakthrough experiments in data science: Practical lessons for success
Breakthrough experiments in data science: Practical lessons for successBreakthrough experiments in data science: Practical lessons for success
Breakthrough experiments in data science: Practical lessons for successAmanda Sirianni
 
Data science capabilities
Data science capabilitiesData science capabilities
Data science capabilitiesYann Lecourt
 
Data science capabilities
Data science capabilitiesData science capabilities
Data science capabilitiesVincent Bellamy
 
Data science capabilities
Data science capabilitiesData science capabilities
Data science capabilitiesMathieu Boucher
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown JewelsIBM Security
 
Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...
Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...
Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...Mike Morsch
 

Similar to Software Security Assurance - Bruce Jenkins (20)

Executive guidedatastrategy email
Executive guidedatastrategy emailExecutive guidedatastrategy email
Executive guidedatastrategy email
 
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...
Stop looking for the silver bullet start thinking like a bad guy - IDC IT Sec...
 
Big Data Goes to Work - Liberating Latent Value in a Connected World - P.Coffee
Big Data Goes to Work - Liberating Latent Value in a Connected World - P.CoffeeBig Data Goes to Work - Liberating Latent Value in a Connected World - P.Coffee
Big Data Goes to Work - Liberating Latent Value in a Connected World - P.Coffee
 
3 tips to funding your security program
3 tips to funding your security program3 tips to funding your security program
3 tips to funding your security program
 
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
Tech Talk: Isn’t One Authentication Mechanism z Systems Enough?
 
Roadmap Your Senior Leader Selection: Step 3. Insight
Roadmap Your Senior Leader Selection: Step 3. InsightRoadmap Your Senior Leader Selection: Step 3. Insight
Roadmap Your Senior Leader Selection: Step 3. Insight
 
HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)HP Helion - Copaco Cloud Event 2015 (break-out 4)
HP Helion - Copaco Cloud Event 2015 (break-out 4)
 
HP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data BreachHP Software Performance Tour 2014 - Guarding against the Data Breach
HP Software Performance Tour 2014 - Guarding against the Data Breach
 
Criminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their MethodsCriminal Education: Lessons from the Criminals and Their Methods
Criminal Education: Lessons from the Criminals and Their Methods
 
Suddenly I am a Software Company
Suddenly I am a Software CompanySuddenly I am a Software Company
Suddenly I am a Software Company
 
Enabling a Culture of Self-Service Analytics
Enabling a Culture of Self-Service AnalyticsEnabling a Culture of Self-Service Analytics
Enabling a Culture of Self-Service Analytics
 
8 Steps to Creating a Data Strategy
8 Steps to Creating a Data Strategy8 Steps to Creating a Data Strategy
8 Steps to Creating a Data Strategy
 
When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...
When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...
When Downtime Isn’t an Option: Performance Optimization Analytics in the Era ...
 
Incorporating cloud computing for enhanced communication v2
Incorporating cloud computing for enhanced communication v2Incorporating cloud computing for enhanced communication v2
Incorporating cloud computing for enhanced communication v2
 
Breakthrough experiments in data science: Practical lessons for success
Breakthrough experiments in data science: Practical lessons for successBreakthrough experiments in data science: Practical lessons for success
Breakthrough experiments in data science: Practical lessons for success
 
Data science capabilities
Data science capabilitiesData science capabilities
Data science capabilities
 
Data science capabilities
Data science capabilitiesData science capabilities
Data science capabilities
 
Data science capabilities
Data science capabilitiesData science capabilities
Data science capabilities
 
5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels5 Steps to Securing Your Company's Crown Jewels
5 Steps to Securing Your Company's Crown Jewels
 
Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...
Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...
Mike Morsch - Gartner Supply Chain Peer Forum Presentation on Transforming Fu...
 

More from IT-oLogy

Low Cost Tools for Security Challenges - Timothy De Block
Low Cost Tools for Security Challenges - Timothy De BlockLow Cost Tools for Security Challenges - Timothy De Block
Low Cost Tools for Security Challenges - Timothy De BlockIT-oLogy
 
How Smart Leaders Anticipate Breach to Protect Their Companies - Michael Sant...
How Smart Leaders Anticipate Breach to Protect Their Companies - Michael Sant...How Smart Leaders Anticipate Breach to Protect Their Companies - Michael Sant...
How Smart Leaders Anticipate Breach to Protect Their Companies - Michael Sant...IT-oLogy
 
National Cyber Security Awareness Month - Michael Kaiser
National Cyber Security Awareness Month - Michael KaiserNational Cyber Security Awareness Month - Michael Kaiser
National Cyber Security Awareness Month - Michael KaiserIT-oLogy
 
Keep Your Family Safe Online - Michael Kaiser
Keep Your Family Safe Online - Michael KaiserKeep Your Family Safe Online - Michael Kaiser
Keep Your Family Safe Online - Michael KaiserIT-oLogy
 
ID Theft: What You Need to Know - Juliana Harris
ID Theft: What You Need to Know - Juliana HarrisID Theft: What You Need to Know - Juliana Harris
ID Theft: What You Need to Know - Juliana HarrisIT-oLogy
 
Cyber Breach: A Legal Perspective - Jarrett Coco
Cyber Breach: A Legal Perspective - Jarrett CocoCyber Breach: A Legal Perspective - Jarrett Coco
Cyber Breach: A Legal Perspective - Jarrett CocoIT-oLogy
 
Cybersecurity in South Carolina - Major General Les Eisner
Cybersecurity in South Carolina - Major General Les EisnerCybersecurity in South Carolina - Major General Les Eisner
Software Security Assurance - Bruce Jenkins

  • 1. © Copyright 2015 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Software Security Assurance: Managing risk in the face of digital transformation
  • 2. IT-oLogy Trends 2015 – Columbia, SC. Bruce C Jenkins, CISM, CISSP, CSSLP. Fortify Security Lead, AppSec Program Strategist, Hewlett-Packard Company. Current • Fortify product and information security • HP-internal application security program strategy • Customer-facing appsec workshops and strategy. Former • Fortify Pro Services, 2007-2011 • US Air Force, 1979-2007. About me
  • 3. • 2005: US Air Force personnel system breached; 33K records exfiltrated • 2006: VA employee’s personal external drive stolen; 26M VA records at risk • 2007-2011: ??? • 2012: Thrift Savings Plan contractor’s system attacked; 123K SSNs stolen • 2013: Target POS system compromised; up to 70M customers impacted • 2014: University of Maryland, 309K records; Home Depot, e-mail, cr cds • 2015: Several… + Office of Personnel Management, 18M records. About my motivation for developing secure systems…
  • 4. Let’s talk about risk management…
  • 5. What is “Security”?
  • 6. What is “Security”? Definitions from The American Heritage® Dictionary of the English Language, 4th Edition: n. Freedom from risk or danger; safety. n. Freedom from doubt, anxiety, or fear; confidence. n. Something that gives or assures safety
  • 7. Security Issue?
  • 8. “Security is never black and white, and context matters more than technology” – Bruce Schneier, Secrets & Lies: Digital Security in a Networked World. Security Issue?
  • 9. So… Security Issue?
  • 10. So… Security Issue? As you go about the business of developing and enhancing systems in support of today’s digital transformation, it’s important to keep findings in perspective. Pay attention to the weeds—you may need to eliminate them—but don’t get lost in them. Maybe
  • 11. Agenda • Why Software Security is Hard • Creating a Foundation • Building Security In • Lessons Learned
  • 12. Why Software Security is Hard
  • 13. Current solutions protect the perimeter. Yet, 84% of breaches occur in the application software
  • 14. The number of apps is growing. IN-HOUSE DEVELOPMENT LEGACY SOFTWARE OPEN SOURCE OUTSOURCED COMMERCIAL PRODUCTION. Increasing platforms and complexity …many delivery models
  • 15. “I just want to be a coder; I’m really not interested in security.” – Security Consultant Candidate. Developers are NOT trained to be security experts
  • 16. Attacks have a proven life cycle • Research: Research potential targets • Monetization: Data sold on black market • Infiltration: Phishing attack and malware • Discovery: Mapping breached environment • Capture: Obtain data • Exfiltration: Exfiltrate/destroy stolen data
  • 17. Attack life cycle risk mitigation • Research: Research potential targets • Monetization: Data sold on black market • Infiltration: Phishing attack and malware • Discovery: Mapping breached environment • Capture: Obtain data • Exfiltration: Exfiltrate/destroy stolen data. Mitigations • Threat intelligence: Security Research • Block adversary: Network, Software • Detect adversary: SIEM, UBA • Protect data: At rest, In motion • Mitigate damage: Breach Response
  • 18. Median time to detect breach: 205 days. [Timeline graphic: January 2013 through April 2014] Source: Mandiant M-Trends 2015 Threat Report
  • 19. Conflicting views over the priority of security 1 Source: Osterman Research White Paper, Jan 2015
  • 20. Top challenges in achieving software security goals* Source: Gatepoint Research Pulse Report, Oct 2014, n = 300 executives. *Read as: software security assurance (SSA) program goals
  • 21. “It is necessary that people work together in unison toward common objectives and avoid working at cross purposes at all levels if the ultimate in efficiency and achievement is to be obtained.” Dave Packard, Co-founder, Hewlett-Packard
  • 22. Creating a Foundation
  • 23. Obtain stakeholder alignment with a common vision. Creating a Foundation • Establish security-related goals that are directly tied to the firm’s mission. Mission Goals Objectives Strategy m m m KPI Policy Standards Training
  • 24. Example: Hewlett-Packard Co. Creating a Foundation. Profit, Customer Loyalty, Growth, Market Leadership, Commitment to Employees, Leadership Capability, Global Citizenship. Hewlett-Packard ... Goal 1 ...... Goal n HP Software ... Goal 1 ... Goal n Fortify … Security Goal 1 ……… Security Goal n Security Group Goal 1 ......... Ent. Security ... Goal n. See HP’s Corporate Objectives at http://www8.hp.com/us/en/hp-information/about-hp/corporate-objectives.html
  • 25. Example: Hewlett-Packard Co. Creating a Foundation. Profit, Customer Loyalty, Growth, Market Leadership, Commitment to Employees, Leadership Capability, Global Citizenship. Hewlett-Packard ... Goal 1 ...... Goal n HP Software Goal 1 ......... Ent. Security ... Goal 1 ... Goal n Fortify … Security Goal 1 ……… Security Goal n Security Group ... Goal n. See HP’s Corporate Objectives at http://www8.hp.com/us/en/hp-information/about-hp/corporate-objectives.html
  • 26. Example: Hewlett-Packard Co. Creating a Foundation. Profit, Customer Loyalty, Growth, Market Leadership, Commitment to Employees, Leadership Capability, Global Citizenship. Hewlett-Packard ... Goal 1 ...... Goal n HP Software Goal 1 ......... Ent. Security ... Goal 1 ... Goal n Fortify … Security Goal 1 ……… Security Goal n Security Group ... Goal n. See HP’s Corporate Objectives at http://www8.hp.com/us/en/hp-information/about-hp/corporate-objectives.html
  • 27. Example: Hewlett-Packard Co. Creating a Foundation. Profit, Customer Loyalty, Growth, Market Leadership, Commitment to Employees, Leadership Capability, Global Citizenship. Hewlett-Packard ... Goal 1 ...... Goal n HP Software Goal 1 ......... Ent. Security ... Goal 1 ... Goal n Fortify … Security Goal 1 ……… Security Group ... Goal n Security Goal n. See HP’s Corporate Objectives at http://www8.hp.com/us/en/hp-information/about-hp/corporate-objectives.html
  • 28. Example: Private Sector Financial. Creating a Foundation. Corp Mission Statement: Goal 1, Goal 2, Goal 3, Protect our customers’ data, Goal n
  • 29. Example: Private Sector Financial. Creating a Foundation. Corp Mission Statement: Goal 1, Goal 2, Goal 3, Protect our customers’ data, Goal n. Corp Security Group: Security Goal 1, Security Goal 2, Security Goal 3, Security Goal n
  • 30. Example: Private Sector Financial. Creating a Foundation. Corp Mission Statement: Goal 1, Goal 2, Goal 3, Protect our customers’ data, Goal n. Corp Security Group: Security Goal 1, Security Goal 2, Security Goal 3, Security Goal n. Proactively identify and mitigate risk in all Mission Critical applications
  • 31. Building Security In
  • 32. Consider using a software security framework (SSF) as a guide. Building Security In • Establish security-related goals that are directly tied to the firm’s mission • Develop a security strategy that is designed to support achievement of the security goal(s). Mission Goals Objectives Strategy m m m KPI Policy Standards Training
  • 33. “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don't know. But there are also unknown unknowns. There are things we don't know we don't know.” Donald Rumsfeld, Former US Secretary of Defence
  • 34. Building Security In. Design, Construct, Test, Deploy. Establish a security gate to understand security posture of portfolio. Security Gate • Governance: Strategy and Metrics, Policy and Compliance, Education and Guidance • Construction: Security Requirements, Threat Assessment, Security Architecture • Verification: Design Review, Implementation Review, Security testing • Operations: Environment Hardening, Issue Management, Operational Enablement
  • 35. With assessment results available, the unknown is known. Building Security In • Establish security-related goals that are directly tied to the firm’s mission • Develop a security strategy that is designed to support achievement of the security goal(s) • Based upon business priorities and portfolio risk*, design time-constrained, measurable objectives • Only choose metrics and construct KPIs that show progress toward meeting the objectives; nothing else. *portfolio is known, classified and risk-ranked. Mission Goals Objectives Strategy m m m KPI Policy Standards Training
  • 36. Measure thoughtfully. Building Security In • Establish security-related goals that are directly tied to the firm’s mission • Develop a security strategy that is designed to support achievement of the security goal(s) • Based upon business priorities and portfolio risk*, design time-constrained, measurable objectives • Only choose metrics and construct KPIs that show progress toward meeting the objectives; nothing else. *portfolio is known, classified and risk-ranked. Mission Goals Objectives Strategy m m m KPI Policy Standards Training
  • 37. Building Security In: Lessons Learned • Complex problems with complex solutions • All organizational levels must be made aware of the risks associated with software vulnerabilities • No education / training == unmet expectations. Awareness, Education and Training
  • 38. • Before assessment, establish policies and set expectations • Ensure that policies and expectations are communicated to all stakeholders • Consistently enforce policies and measure expectation achievement. Clear Communication Regarding Security. Building Security In: Lessons Learned
  • 39. • Network Security / Information Assurance people are not software security people • Development background is a necessity • Even with a development background, extensive training and experience is needed. Software Security is a Unique Skill Set. Building Security In: Lessons Learned
  • 40. • Network Security / Information Assurance people are not software security people • Development background is a necessity • Even with a development background, extensive training and experience is needed • Developers should NOT be expected to be security experts. Software Security is a Unique Skill Set. Building Security In: Lessons Learned
  • 41. Summary • Work to gain and maintain executive-level support • Develop security goals, strategy & objectives • Train staff to comply with policy • Use technology appropriately • Measure, report, adjust. Managing risk in the face of digital transformation
  • 42. Thank you. hp.com/go/fortifyssa Bruce C Jenkins bcj@hpe.com