
RSA CONFERENCE EUROPE 2013 - Bankia reaching high maturity levels with O-ISM3: A Success Case


  1. Case Study: Bankia Reaching the Highest Maturity Levels
     Vicente Aceituno (@vaceituno), Inovement Spain
     Session ID: GRC-T08B
     Session Classification: Intermediate
  2. Maturity
     ►A measure of the ability to improve often over time
  3. Bankia
     ►4th Biggest bank in Spain with 12 million customers
     ►Took the decision to implement O-ISM3 for application security testing in late 2008
     ►The Application Security team achieved an Optimized maturity level in 6 months
  4. Return Of Investment and Maturity
     [Chart. Axes: ROI, Maturity. Stages shown: Penetration Testing, White Box P.T., Lifecycle Integration, Secure Design, Continuous Improvement]
  5. Improvement
     ►Achieving higher value with the same resources
     ►Achieving the same value with fewer resources
  6. Improvement
     ►Producing Results
     ►Contribute to Business Needs
     ►Setting Priorities
     ►Better Use of Resources
  7. Continuous Improvement ToolBox
     ►Metrics
     ►Security Objectives
     ►Analysis
     ►Processes
     ►Knowledge Management
  8. Continuous Improvement Benefits
     ►Effortless definition of SLA’s.
     ►Feedback.
     ►Application Classification according to Business Criteria.
     ►Better Communication.
     ►Efficient allocation of resources.
     ►Better distribution of responsibilities.
     ►Uniform results regardless of who performs a task.
     ►No vendor lock-in.
  9. Higher Maturity Results
     [Chart, 2008 to 2012. Series: Weaknesses Fixed; Euros / Weakness Fixed; Weaknesses / Application Security Test]
  10. Higher Maturity Results
     [Chart, 2008 to 2012. Series: Application Security Tests; Euros / Application Security Test; Application Security Test Workload]
  11. Last Messages
     ►Maturity is a measure of the ability for continuous improvement.
     ►Achieving high levels of maturity can be hard if you don’t know how.
     ►High maturity is about working smart, not hard.
     ►Bankia saved time and money, improved the security of their applications, the communication between teams, and avoided vendor lock-in.
  12. Information Security that makes Business Sense: inovement.es/oism3
     Web: www.inovement.es
     Video Blog: youtube.com/user/vaceituno
     Blog: ism3.com
     Twitter: twitter.com/vaceituno
     Presentations: slideshare.net/vaceituno/presentations
     Articles: slideshare.net/vaceituno/documents
  13. Thank you!
     Vicente Aceituno, Inovement Spain
     @vaceituno
     vaceituno@inovement.es
     www.inovement.es
