Hack2Secure Assists Organization in Secure Application Development Through BSIMM-7 Framework
BSIMM-7 Software Security Framework
● BSIMM is a software security measurement framework established to help
organizations compare their software security initiative with those of other
organizations and find out where they stand.
● The Building Security In Maturity Model is a study of existing software security
initiatives.
● By quantifying the practices of many different organizations, we can describe the
common ground shared by many as well as the variation that makes each unique.
● The model is based on a study of organizations across industries such as
financial services, healthcare, software, cloud providers and more.
How Does BSIMM7 Work?
● The model is based on observational science around software security.
● Over years of research and observation, it provides organizations with a common
measuring stick made up of 113 activities.
● These activities are broken into 12 practices organized into 4 domains, namely
Governance, Intelligence, SSDL Touchpoints and Deployment.
● The BSIMM7 Software Security Framework (SSF) and its activity descriptions
provide a common vocabulary for describing the elements of a software security
initiative, so that organizations can compare their maturity on a uniform basis.
● BSIMM7 is the 7th major version of the BSIMM model.
Advantages of Adopting BSIMM7 Framework
● Enables organizations to start a Software Security Initiative (SSI).
● Provides standard criteria for measuring and comparing an SSI within a
domain or industry.
● Helps organizations learn from others' mistakes so that they do not repeat
them.
● It helps members of the BSIMM community by bringing together people from
companies that have been measured, so they can compare notes and realize
that they often have the same problems.
● It gives clarity on what the right thing to do is.
● The model helps industries and business units measure the current state of
their software security initiative, identify gaps and prioritize change by
applying scientific principles.
● It helps reduce cost through standard, repeatable processes.
● It helps them plan, execute and measure an initiative of their own without
bringing a third party on board to do so.
● Governance:
These are practices that help companies organize, manage and measure a
Software Security Initiative.
● Strategy & Metrics (SM):
Covers security process planning and publication, helping to define software
security goals and the metrics needed to measure them.
● Compliance & Policy (CP):
Focuses on regulatory and compliance drivers such as PCI DSS and HIPAA.
● Intelligence:
These practices result in the collection and identification of corporate
intelligence related to the SSI.
● Attack Models (AM):
In this practice, developers think like an attacker and build knowledge of
technology-specific attack patterns.
● Security Features & Design (SFD):
Provides guidance on building, reviewing and publishing proactive security
features.
● Standards & Requirements (SR):
Sets out the explicit security standards and requirements for the
organization.
● SSDL Touchpoints:
Covers the essential security best practices required in the software
development phases (SDLC).
● Architecture Analysis (AA):
The primary goal of this practice is to build quality control by performing
security feature and design reviews for high-risk applications.
● Code Review (CR):
Includes activities related to secure code implementation and the code
review process.
● Security Testing (ST):
Deals with different security testing methods such as black-box testing,
fuzzing, automation and risk-driven white-box analysis.
● Deployment:
This domain includes practices that deal with network security and software
maintenance requirements.
● Penetration Testing (PT):
Involves vulnerability discovery and the correction of security defects in
software that has moved to deployment.
● Software Environment (SE):
Includes activities related to secure software deployment and maintenance.
● Configuration Management & Vulnerability Management (CMVM):
The goal of this practice is to track activities related to patching, version
control and change management.
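As an added example (not code from the slides or from the BSIMM project), the Python below encodes the four domains and twelve practices described above and carries out the "measure the current state, identify gaps, prioritize change" step from the advantages list: it derives a per-practice high-water mark from observed activity ids and ranks shortfalls against a peer baseline. The activity-id format and the three levels per practice are BSIMM conventions not shown on the slides; the observations and the peer baseline are constructed sample data, and Training (T), the third Governance practice, is included although the slides do not describe it.

```python
"""Scorecard and gap analysis against the BSIMM7 Software Security Framework.

Added example, not from the slides or from BSIMM itself. Domain and practice
names follow the slides; assumptions are stated in the comments where they appear.
"""
import re

# The 12 practices in the 4 domains named on the slides. Training (T) is the
# third Governance practice in BSIMM7; the slides above do not describe it.
SSF = {
    "Governance": ("SM", "CP", "T"),
    "Intelligence": ("AM", "SFD", "SR"),
    "SSDL Touchpoints": ("AA", "CR", "ST"),
    "Deployment": ("PT", "SE", "CMVM"),
}
PRACTICE_TO_DOMAIN = {p: d for d, ps in SSF.items() for p in ps}
PRACTICES = tuple(PRACTICE_TO_DOMAIN)  # keeps the domain ordering above

# BSIMM activity ids read <practice><level>.<n>, e.g. SM1.3; every practice
# has activities at levels 1, 2 and 3.
ACTIVITY_ID = re.compile(r"^([A-Z]+)([123])\.(\d+)$")


def parse_activity(activity_id):
    """Return (practice, level) for a well-formed activity id, else ValueError."""
    match = ACTIVITY_ID.match(activity_id)
    if not match:
        raise ValueError(f"malformed activity id: {activity_id!r}")
    practice, level = match.group(1), int(match.group(2))
    if practice not in PRACTICE_TO_DOMAIN:
        raise ValueError(f"unknown practice {practice!r} in {activity_id!r}")
    return practice, level


def high_water_marks(observed):
    """Per-practice maturity as the BSIMM scorecard reports it: the highest
    level at which any activity was observed (0 when none was)."""
    marks = {p: 0 for p in PRACTICES}
    for activity_id in observed:
        practice, level = parse_activity(activity_id)
        marks[practice] = max(marks[practice], level)
    return marks


def prioritize_gaps(marks, baseline):
    """List (practice, domain, shortfall) for practices below the baseline,
    largest shortfall first; ties keep the SSF domain order."""
    gaps = []
    for practice in PRACTICES:
        shortfall = baseline.get(practice, 0) - marks[practice]
        if shortfall > 0:
            gaps.append((practice, PRACTICE_TO_DOMAIN[practice], shortfall))
    gaps.sort(key=lambda g: -g[2])  # sort() is stable, so domain order survives
    return gaps


def domain_summary(marks):
    """Average high-water mark per domain, for the executive view."""
    return {d: round(sum(marks[p] for p in ps) / len(ps), 2) for d, ps in SSF.items()}


# Constructed sample observations for one fictional organisation, as an
# assessor would record them after interviews (not real BSIMM data).
OBSERVED = [
    "SM1.1", "SM2.3", "CP1.2", "AM1.4", "SFD1.1", "AA1.1", "CR1.2",
    "ST1.1", "ST2.2", "PT1.1", "SE1.1", "CMVM1.1", "CMVM2.1",
]

# Constructed peer baseline (per-practice high-water mark to compare against);
# a real comparison would use the published BSIMM participant data.
PEER_BASELINE = {
    "SM": 2, "CP": 2, "T": 1, "AM": 1, "SFD": 2, "SR": 2,
    "AA": 1, "CR": 2, "ST": 2, "PT": 2, "SE": 2, "CMVM": 2,
}

if __name__ == "__main__":
    marks = high_water_marks(OBSERVED)
    for domain, avg in domain_summary(marks).items():
        print(f"{domain:17s} avg level {avg}")
    for practice, domain, shortfall in prioritize_gaps(marks, PEER_BASELINE):
        print(f"gap {shortfall} in {practice} ({domain})")
```

With the sample data the largest shortfall is in Standards & Requirements (SR), so that practice would head the change plan.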
