spotlight with Rich (Latayan360@Outlook.com) - espresso to Security Business Leadership - splash of keynote speaker @CISOmd

Friday, January 29, 2016

AppSec gap continues to be theory vs practice - preso

ISACA Chicago presentation on application security identifies focus areas:

- Risk-based approach is the goal
- Align to the business strategy (2-5 year direction) with leadership buy-in; tactical steps can be taken to adapt
- Need for measurable results via metrics
- Focus on IT weaknesses specific to the organization
- Unique challenges, but the same approach can apply
- Find your application influencers
- It's a marathon, not a sprint
- Remediation considerations for compliance, and allowance for a steady state before validation
- Remember appsec capabilities, including stocking up on your tool belt
- Considerations: app assessment compliance/design | Threat modeling | Attack and Pen | Secure dev training | Full integration and security toll-gates in SDLC | Vendor risk management concept