Secure Agile Development
Slide 1: Secure Agile Development With FISMA Compliance

Slide 2: FYRM Overview
- Qualifications: Respected Partner, FedRAMP 3PAO
- Experience: CMS, DOE, Fortune 500
- Performance: CPAR 4/4; projects completed on time, accurately, within budget
- Strategy: Secure Agile, Knowledge Sharing, Effective & Efficient
- May 31, 2017

Slide 3: Agenda
- Agile Overview
- Integrating Security into an Agile World
- FISMA Compliance Integration
- Recommendations for success

Slide 4: Agile Overview
But first, let's talk about how applications are made.
1. Planning
2. Requirements
3. Design
4. Coding / Implementation
5. Testing (QA, UAT, Security)
6. Implementation

Slide 5: Agile Overview
- Cycle: Product, Planning, Daily Scrum, Deployment
- Rules of Agile Development:
  1. You don't speak about the rules of Agile development
  2. There are no rules of Agile Development

Slide 6: Agile Overview: Mapping Non-Security Tasks to an Agile SDLC
- Product: Requirements; Design; Use Cases / Stories
- Planning: Development goals for sprint; Use Cases / Stories for sprint; Goal breakdown into tasks; Development tasks for use cases / stories
- Scrum: Design, Planning; Coding; Unit Testing, Functional Testing, Code Review
- Deployment: QA Testing

Slide 7: Agile Overview
- No two Agile SDLCs are identical (Requirements, Design, Development, Testing and QA, Release, Scrum)
- Remember Rule #2: There are no rules of Agile Development

Slide 8: Integrating Security into an Agile World: Key Security Components
- Security Controls and Requirements
- Design and Architecture
- Secure Development Training
- Code Review
- Pen Testing

Slide 9: Integrating Security into an Agile World: Mapping Security Tasks to an Agile SDLC
- Product: Security Controls and Requirements; Secure Design; Abuse Cases / Malicious User Stories
- Planning: Security goals for sprint; Abuse Cases / Malicious user stories for sprint; Security goal breakdown into tasks; Security components for development tasks and security task development
- Scrum: Secure Design, Security Planning; Secure Coding; Security Testing
- Deployment: Security Testing

Slide 10: Integrating Security into an Agile World
- Three consecutive sprints (n, n+1, n+2), each running Product, Planning, Daily Scrums, Deployment
- Security work items carried across the sprints: Security Framework; Input Validation; Output Encoding; Identify XSS
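Slides 9 and 10 name abuse cases / malicious user stories, input validation, output encoding and "identify XSS" as sprint work items without showing what they look like once a team picks them up. The Python below is an added example, not code from the FYRM deck: it writes two constructed abuse cases as sprint stories for a hypothetical "personalised greeting" feature, places the sprint-n finding (user input concatenated into HTML) beside the sprint-n+1 tasks (allow-list validation plus output encoding with the standard library's html.escape), and runs the stories as the sprint's security test. All names, story text and payloads are illustrative assumptions.

```python
"""Added example: running malicious user stories as a sprint security test.

Not from the FYRM deck. The greeting feature, story ids, story text and
payloads are constructed for illustration; html.escape is the encoding step.
"""
import html
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass
class MaliciousUserStory:
    """An abuse case written like a sprint story: id, narrative, and the
    payloads the security test drives through the feature."""
    story_id: str
    text: str
    payloads: List[str] = field(default_factory=list)


# Constructed abuse cases for the hypothetical greeting feature (not from the slides).
STORIES = [
    MaliciousUserStory(
        "ABUSE-1",
        "As a hostile user I set my display name to markup so it runs in other users' browsers",
        ["<script>alert(1)</script>", '"><img src=x onerror=alert(1)>'],
    ),
    MaliciousUserStory(
        "ABUSE-2",
        "As a hostile user I set a display name that is not a valid username at all",
        ["", "a" * 33, "bob<b>"],
    ),
]

# Input validation task: allow-listed characters, bounded length.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")


def accept_all(_: str) -> bool:
    """The sprint-n baseline: no validation at all."""
    return True


def validate_username(username: str) -> bool:
    """Rejects anything outside the allow-list or the 1..32 length bound."""
    return USERNAME_RE.fullmatch(username) is not None


def render_greeting_unsafe(display_name: str) -> str:
    """The sprint-n finding ('Identify XSS'): user input concatenated into HTML."""
    return f"<p>Welcome back, {display_name}!</p>"


def render_greeting_safe(display_name: str) -> str:
    """Output encoding task: escape for the HTML text context before insertion."""
    return f"<p>Welcome back, {html.escape(display_name, quote=True)}!</p>"


def run_story(story: MaliciousUserStory,
              render: Callable[[str], str],
              validate: Callable[[str], bool]) -> Dict[str, bool]:
    """Executes one abuse case. A payload passes when validation rejects it or
    when the rendered page no longer contains the raw payload."""
    results = {}
    for payload in story.payloads:
        rejected = not validate(payload)
        neutralised = payload not in render(payload)
        results[payload] = rejected or neutralised
    return results


def sprint_security_report(render: Callable[[str], str],
                           validate: Callable[[str], bool]) -> Dict[str, bool]:
    """Runs every story; a story passes only when all of its payloads pass."""
    return {s.story_id: all(run_story(s, render, validate).values()) for s in STORIES}


if __name__ == "__main__":
    print("sprint n  :", sprint_security_report(render_greeting_unsafe, accept_all))
    print("sprint n+1:", sprint_security_report(render_greeting_safe, validate_username))
```

Running the report against the sprint-n code fails both stories; against the sprint-n+1 code both pass. Running ABUSE-2 with encoding but no validation still fails on the empty and over-long names, which is the point of keeping input validation and output encoding as separate sprint tasks: encoding neutralises markup, validation rejects values that should never reach the page.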
Slide 11: Integrating Security into any SDLC
- Design, Requirements: Security controls & requirements; Design and architecture; Secure development training
- Development: Security controls & requirements; Design and architecture; Code review; Penetration testing
- Testing, Deployment, Operations: Code review; Penetration testing; Control assessment

Slide 12: FISMA Compliance Integration
- Align activities and schedules
  - Development activities, control testing
  - Information Security activities, goals, projects
  - FISMA requirements, reporting/ATO deadlines
- Technical security testing
  - Review security control design
  - Code review
  - Penetration testing
  - Security controls assessment
- Obtain evidence for non-technical controls during development
- Align with annual testing requirements

Slide 13: FISMA Compliance Integration
- Security Controls: in-development testing vs. annual SCA
- Scrum: development meetings, release dates, ATO deadline
- Scope, Schedule, Logistics
- Continuous Monitoring
- Testing: reporting security issues vs. FISMA findings; add remediation to
- Test environment, accounts
- Application testing scope
- Other evidence

Slide 14: Secure Agile Development: Pros and Cons with Secure Agile Development
- Cons
  - No security testing in "Pure" Agile
  - More security issues more frequently
  - Difficulty with security integration
- Pros
  - "Pure" Agile is not very common
  - Well suited for quicker remediation
  - Improved security and compliance once integrated

Slide 15: Secure Agile Development: Recommendations to Improve Success
- Subject Matter Experts
  - Secure Development SME
  - Application Security SME
  - Key POCs for each team
  - Security testing logistics (environment, accounts, etc.)
  - Integrate security recommendations
  - Integrate security remediation
- Team Integration
  - Developers learn security
  - IS/Compliance learn development
  - Bridge the gap
- Development artifacts (anti-agile)
  - Diagrams, data flow and definitions
  - Security requirements, abuse cases

Slide 16: Presenter: Matthew Flick, Managing Principal