Hello, and welcome to a searchsecurity.com podcast: How Security is Well Suited for Agile Development.
- Martha Arabella Barton
- 5 years ago
Transcription
[ MUSIC ]

Hello, and welcome to a searchsecurity.com podcast: How Security is Well Suited for Agile Development. My name is Kyle Leroy, and I'll be moderating this podcast. I'd like to start by introducing our expert. Joining us today is Patrick Vandenberg, Manager, IBM Rational Security and Compliance. Welcome, Patrick, and thanks for joining us today.

VANDENBERG: Happy to be here.

This podcast is being brought to you by IBM. For more information on IBM, please visit their Web site at All right, so let's jump right in to our discussion. How do you fit in to IT security?

VANDENBERG: So, our group, Rational Security Compliance, is actually part of a larger brand in IBM called IBM Security. And that brand has five pillars, and we sit in the application and process security. So really we focus on the vulnerabilities that are present in applications and help organizations address those so that they can improve the overall security in IT. So, for example, if we want to look at Web applications
which is a pretty popular concern today -- there is a number of ways in which organizations need to protect Web applications from network protection to the application. And we would focus on the part that looks at the vulnerabilities within the application. And the reason why the multiple pillars exist in IBM Security, a defense in-depth approach is very much required. So we need to look at the many different ways that malicious attacks can look at compromising assets in an organization. So we do need to pay attention to the application layer, the network layer, identity and access management, even physical security as well as data and information. So all of these elements combine to a full service approach to IT security.

All right, so what should the development team...sorry, I'm going to ask that one again. So, why should the development team care about security?

VANDENBERG: Yes, that's an interesting point. As we all know, development is mandated to deliver quality functionality on time, on budget. And some other group in the organizations, typically in IT operations, is responsible for security.
And while the awareness is certainly increasing and the investment is starting in this area, it's predominately owned by IT security and even some new investment around having a security practitioner focus on application security where you have somebody who's aware of the vulnerabilities within the code. And while it's great that somebody in IT security is starting to look at vulnerabilities in the application itself, the real challenge here is that all this code, the software, is actually coming from the development organization and for several different reasons there's the opportunity to address application security does reside with development. So for instance, there are vulnerabilities that are readily identified by a security practitioner, and so much so that it creates a bottleneck for the security practitioner. Well, to have that issue remediated, we have to go back to the development organization, fix that code so that the vulnerability doesn't exist in the first place. And this is why application security is necessary. It's very different from having real-time operational protection of network assets, as an example, with application security. We're talking about issues that are within the code itself, and because of that nature, we rely on the development
community to be able to help improve the security posture of these applications.

All right. Could you elaborate? What are the first steps an organization should take?

VANDENBERG: Yes, so this is an interesting discussion and it can be quite a lengthy one. And from what we've seen over time in a few thousand customers is that there is a progression. And we sometimes refer to this as the customer maturity model. So, naturally, with an issue that is not as prevalent in the market or it hasn't been historically, there is a commensurate smaller investment by organizations and a smaller number of skilled resources to address application security. So what can typically happen is an organization's first step is to outsource the security testing effort called penetration testing, or even bring this in house, to, as I mentioned, a security practitioner who's going to do the security audit. But what we've seen here, especially for organizations that have a continuous stream of applications that are in development and that they look to deploy is that there is a
bottleneck for typically that one or two people that are responsible for identifying vulnerabilities. What ends up happening is these resources are tasked with protecting the organizational assets. And if they see too much risk in these organizations, they're going to have to say, look, I cannot allow this application to be deployed. It's going to create risk for the organization. And as a result, we get a bottleneck which results in delays, opportunity cost for that project not getting deployed on time, and also we do know that those issues at some point need to get remediated by a development organization. So, they're going to be touching all the hands in the application lifecycle and that process over again. So there's increasing costs for doing this. Now, there is a great opportunity for organizations engaging a development organization, and what can happen here is if we can have security addressed earlier in the development process, then we can alleviate that bottleneck, and we can also remove that effect of having multiple stakeholders touch these issues multiple times -- which is very costly. So, the earlier we can have security addressed, the more cost effective this is. We don't have the bottleneck at the security audit stage, and we don't have that lost
opportunity cost of delayed projects. Now, you might say, why do we need the security practitioners in the first place? Well, there's a tremendous experience with these people who are able, if we can relieve the bottleneck for them, then we can leverage them as an acceptance test to make sure that the security posture of these applications is acceptable to be deployed. And we can use their expertise to find maybe the tougher to find security issues in a deployed state. But at the same time, what we can do by engaging the development organization at the code or build or test stage is we have many more resources to scale to find the volumes of easy to find and fix issues. And we're not suggesting here that you'd be looking at deploying security practitioner tools to these people. That's not something that is practical. That's not something that's going to be successful. What we do condone, though, is helping the education and awareness and adopting some practices to bring in some capabilities that support the existing use cases and environments that are in use. So, solutions that integrate with developer IDEs, with the build system that fully integrate into the test scripts so
that as you're writing a script for functional performance and services testing, an automated security scan happens as well. And then you fold these vulnerabilities into the remediation effort that developers are already engaged in. This is a way to engage security -- the practice of security -- into the existing process, have a governance model that's going to manage these issues and track them through, and support collaboration between development QA and security.

So, Patrick, how is security relevant and feasible in an agile model?

VANDENBERG: Yes, that's a great question, because a lot of people will feel on first discussions that security requires a lot of heavy lifting. And while adopting existing practices is not an easy...there are a lot of dynamics in play, you've got cultural change, you've got some training and awareness that will need to happen... What is actually interesting and not typically seen up front is that security is very conducive to an agile environment. So as I mentioned earlier, if you're going to have somebody late in the process who's going to stop these projects because it's posing risk for the organization and they don't have a choice but to do that, because that is their job,
then you're really running counter to an agile environment. In embedding security early into the process what you're doing is you're allowing lightweight quick checks for security just like in the same stream as the rest of the activity that is going to avoid this heavy lifting slowdown that can happen by doing a full security test late in the process. So, it really allows vulnerability testing and remediation to go hand in hand with agile. Right? Let's piece this down, let's have a quick process so that there's a lightweight effort and it's not going to be disruptive and allow us to get a quick response or a quick delivery on our project out the door.

All right, and finally, what are some key techniques and practices which need to be adopted to support security in an agile environment?

VANDENBERG: So, I think I touched on a few of these already with some of the other questions, and really what this requires is the support of the different communities to embrace this model in the software lifecycle management process. So if you have considerations of collaboration and governance of embedding security into the existing use cases
and tooling that are in place and there is software and solutions available to do this from IBM and the necessary services, then you can go hand in hand with your transformation through an agile process. So, for example, integrating into the IDE, or integrating into the build stage, as an example, to do that, to do that test. And security becomes a regular process. And your security practitioners or your auditors can become, can operate as an admin in the background that can set up standardized scan templates that can be, really all that detail can be extracted from your development community. So we're not derailing all that brainpower and time. They can do the triage of these vulnerabilities to support the developers so that we're stripping out all the noise, as much noise as possible so that the bugs, the security bugs or defects that the developers are receiving and intermediate on are easy to find, easy to fix and are validated as being real issues. In this way, the investment on the part of the developers, but as I said, has been chugged down to being lightweight on a quick turn in the normal process, becomes more of a lightweight effort, a very non-disruptive or non-intrusive approach to leveraging the opportunity to scale with all the resources we have in our development community versus
waiting for one or two people to slow the entire process down and do an exhaustive test late in the cycle.

All right, great. Thanks, Patrick. This has been an interesting and informative discussion. Thank you for your time today, and thanks to our listeners for taking time out of their day. I'd like to thank IBM for bringing us this searchsecurity.com podcast. I thank you all so much for joining us.

[ MUSIC ] [END OF SEGMENT]
Show notes for today's conversation are available at the podcast website.
Improving Data Governance in Your Organization Faire Co Regional Manger, Information Management Software, ASEAN Topics The Innovation Imperative and Innovating with Information What Is Data Governance?
More informationQ&A Session for Connect with Remedy - CMDB Best Practices Coffee Break
Q&A Session for Connect with Remedy - CMDB Best Practices Coffee Break Date: Thursday, March 05, 2015 Q: When going to Asset Management Console and making an update on there, does that go to a sandbox
More information9 th CA 2E/CA Plex Worldwide Developer Conference 1
1 Introduction/Welcome Message Organizations that are making major changes to or replatforming an application need to dedicate considerable resources ot the QA effort. In this session we will show best
More informationWhite Paper. How to Write an MSSP RFP
White Paper How to Write an MSSP RFP https://www.solutionary.com (866) 333-2133 Contents 3 Introduction 3 Why a Managed Security Services Provider? 5 Major Items to Consider Before Writing an RFP 5 Current
More informationIntroduction... 1 Part I: How ITIL Can Help You... 7
Contents at a Glance Introduction... 1 Part I: How ITIL Can Help You... 7 Chapter 1: Managing IT Services: Welcome to the World of ITIL...9 Chapter 2: Using the Building Blocks of ITIL...19 Chapter 3:
More informationIntroduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview
IBM Watson on the IBM Cloud Security Overview Introduction IBM Watson on the IBM Cloud helps to transform businesses, enhancing competitive advantage and disrupting industries by unlocking the potential
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationProfessional Services for Cloud Management Solutions
Professional Services for Cloud Management Solutions Accelerating Your Cloud Management Capabilities CEOs need people both internal staff and thirdparty providers who can help them think through their
More informationDell helps you simplify IT
Dell helps you simplify IT Workshops the first step. Reduce desktop and data center complexity. Improve productivity. Innovate. Dell IT Consulting Services New Edition 2011 Introduction Are you spending
More informationRuby on Rails Welcome. Using the exercise files
Ruby on Rails Welcome Welcome to Ruby on Rails Essential Training. In this course, we're going to learn the popular open source web development framework. We will walk through each part of the framework,
More informationCertified Information Security Manager (CISM) Course Overview
Certified Information Security Manager (CISM) Course Overview This course teaches students about information security governance, information risk management, information security program development,
More informationMetrics That Matter:
Metrics That Matter: Quantifying Software Security Risk Abstract: Any endeavor worth pursuing is worth measuring, but software security presents new measurement challenges: There are no established formulas
More informationto Enhance Your Cyber Security Needs
Our Service to Enhance Your Cyber Security Needs Since the business critical systems by its nature are ON all of the time and the increasingly connected world makes you open your organization to everything
More informationCybersecurity. Securely enabling transformation and change
Cybersecurity Securely enabling transformation and change Contents... Cybersecurity overview Business drivers Cybersecurity strategy and roadmap Cybersecurity in practice CGI s cybersecurity offering Why
More informationMITOCW ocw f99-lec12_300k
MITOCW ocw-18.06-f99-lec12_300k This is lecture twelve. OK. We've reached twelve lectures. And this one is more than the others about applications of linear algebra. And I'll confess. When I'm giving you
More informationNEXT GENERATION SECURITY OPERATIONS CENTER
DTS SOLUTION NEXT GENERATION SECURITY OPERATIONS CENTER SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 - SUCCESS FACTORS SOC 2.0 - FUNCTIONAL COMPONENTS DTS SOLUTION SOC 2.0 - ENHANCED SECURITY O&M SOC 2.0 Protecting
More informationAn Aflac Case Study: Moving a Security Program from Defense to Offense
SESSION ID: TTA-F02 An Aflac Case Study: Moving a Security Program from Defense to Offense Tim Callahan SVP & Global Chief Security Officer Aflac Threat Landscape Security risks are growing at a faster
More informationHow To Make 3-50 Times The Profits From Your Traffic
1 How To Make 3-50 Times The Profits From Your Traffic by Chris Munch of Munchweb.com Copyright Munchweb.com. All Right Reserved. This work cannot be copied, re-published, or re-distributed. No re-sell
More informationProtect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013
Protect Your Application with Secure Coding Practices Barrie Dempster & Jason Foy JAM306 February 6, 2013 BlackBerry Security Team Approximately 120 people work within the BlackBerry Security Team Security
More informationBBC Learning English 6 Minute English Work s
BBC Learning English 6 Minute English Work Emails NB: This is not a word for word transcript Hello and welcome to 6 Minute English from BBC Learning English. I'm Michelle. And I'm Neil. Thanks for joining
More informationAbout Us. Services CONSULTING OUTSOURCING TRAINING MENTORING STAFF AUGMENTATION 9/9/2016
About Us Incorporated in January, 2003 QA and QC in expertise focused on functional, performance and application security validation HPE Software Gold Partner, HPE Authorized Software Support Partner &
More information