RSA CONFERENCE EUROPE 2013 - Bankia reaching high maturity levels with O-ISM3: A Success Case


  1. Case Study: Bankia Reaching the Highest Maturity Levels. Vicente Aceituno (@vaceituno), Inovement Spain. Session ID: GRC-T08B. Session Classification: Intermediate.
  2. Maturity ►A measure of the ability to improve often over time
  3. Bankia ►4th Biggest bank in Spain with 12 million customers ►Took the decision to implement O-ISM3 for application security testing in late 2008 ►The Application Security team achieved an Optimized maturity level in 6 months
  4. Return Of Investment and Maturity [figure labels: ROI; Maturity; Penetration Testing; White Box P.T.; Lifecycle Integration; Secure Design; Continuous Improvement]
  5. Improvement ►Achieving higher value with the same resources ►Achieving the same value with fewer resources
  6. Improvement ►Producing Results ►Contribute to Business Needs ►Setting Priorities ►Better Use of Resources
  7. Continuous Improvement ToolBox: Metrics Security Objectives Analysis Processes Knowledge Management
  8. Continuous Improvement Benefits ►Effortless definition of SLAs. ►Feedback. ►Application Classification according to Business Criteria. ►Better Communication. ►Efficient allocation of resources. ►Better distribution of responsibilities. ►Uniform results regardless of who performs a task. ►No vendor lock-in.
  9. Higher Maturity Results [chart, 2008 to 2012: Weaknesses Fixed; Euros / Weakness Fixed; Weaknesses / Application Security Test]
  10. Higher Maturity Results [chart, 2008 to 2012: Application Security Tests; Euros / Application Security Test; Application Security Test Workload]
  11. Last Messages ►Maturity is a measure of the ability for continuous improvement. ►Achieving high levels of maturity can be hard if you don’t know how. ►High maturity is about working smart, not hard. ►Bankia saved time and money, improved the security of their applications, the communication between teams, and avoided vendor lock-in.
  12. Information Security that makes Business Sense: inovement.es/oism3. Web: www.inovement.es. Video Blog: youtube.com/user/vaceituno. Blog: ism3.com. Twitter: twitter.com/vaceituno. Presentations: slideshare.net/vaceituno/presentations. Articles: slideshare.net/vaceituno/documents.
  13. Thank you! Vicente Aceituno, Inovement Spain, @vaceituno, vaceituno@inovement.es, www.inovement.es
