[OPD 2019] Governance as a missing part of IT security architecture
•
0 likes•162 views
Dariusz Czerniawski
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to [OPD 2019] Governance as a missing part of IT security architecture
Similar to [OPD 2019] Governance as a missing part of IT security architecture (20)
More from OWASP
More from OWASP (20)
Recently uploaded
Recently uploaded (20)
[OPD 2019] Governance as a missing part of IT security architecture
- 1. GOVERNANCE AS A MISSING PART OF IT SECURITY ARCHITECTURE
- 2. WELL DESIGNED SECURITY ARCHITECTURE OWASP DAY POLAND 2 Technology: Tooling Processes: How we do Organization: People (culture) SECURITY CI/CD Technology Organization Processes
- 3. Source: Gartner 2017Sourve: Gartner 2017 HOW IT WORKS BY GARTNER OWASP DAY POLAND 3 DEV/OPS 2.0DEV/OPS 2.0
- 4. HOW IT WORKS SO FAR OWASP DAY POLAND 4
- 5. HUMAN ERROR Human error means that something has been done that was "not intended by the actor; not desired by a set of rules or an external observer; or that led the task or system outside its acceptable limits". In short, it is a deviation from intention, expectation or desirability. OWASP DAY POLAND 5
- 6. SO, THE QUESTION IS: OWASP DAY POLAND 6 ??
- 7. Process A series of actions or steps taken in order to achieve a particular end Process is not a bureaucracy Automation Process automation refers to the use of digital technology to perform a process or processes in order to accomplish a workflow or function. OWASP DAY POLAND 7 GOVERNANCE
- 8. CAPABILITY MATURITY MODEL (CMM) OWASP DAY POLAND 8
- 9. OWASP DAY POLAND 9 Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Design ● Threat modeling ● Secure design Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Test ● Vulnerability Assessment ● Dynamic Analysis ● Functional tests ● QA Develop ● Code review ● Unit testing ● Static Analysis Define ● Code Standards ● Security Non Functional Requirements (SNFR) Training ● Secure Coding Practices ● Writing security tests ● Provider/Platform Technical Training SECURE DESIGN/DEVELOPMENT OPS KPI
- 10. OWASP DAY POLAND 10 Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Design ● Threat modeling ● Secure design Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Test ● Vulnerability Assessment ● Dynamic Analysis ● Functional tests ● QA Develop ● Code review ● Unit testing ● Static Analysis Define ● Code Standards ● Security Non Functional Requirements (SNFR) Training ● Secure Coding Practices ● Writing security tests ● Provider/Platform Technical Training SECURE DESIGN/DEVELOPMENT OPS KPI
- 11. OWASP DAY POLAND 11 Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Design ● Threat modeling ● Secure design Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Training • Secure Coding Practices • Writing security tests • Provider/Platform Technical Training Test ● Vulnerability Assessment ● Dynamic Analysis ● Functional tests ● QA Develop ● Code review ● Unit testing ● Static Analysis ● Dynamic Analysis Define ● Code Standards ● Security Non Functional Requirements (SNFR) Training ● Secure Coding Practices ● Writing security tests ● Provider/Platform Technical Training SECURE DESIGN/DEVELOPMENT OPS KPI KPIKPI KPI KPIKPIKPI KPI
- 12. Source: Gartner 2017Sourve: Gartner 2017 HOW IT CAN WORK OWASP DAY POLAND 12 DEV/OPS 2.0DEV/OPS 2.0