Why do organizations fail so miserably at application security, even after investing millions in information security programs? Organizations are addressing application security through initiatives ranging from hiring their first 'security person' to investing in large, time- and resource-intensive projects. Great! So how come security breaches through applications are still on the rise and showing no signs of abatement? Is the security industry failing? This talk will focus on what the speaker has experienced over the past few years while working with his clients to integrate information security practices into IT processes. These clients range from large Global Top 100 companies to medium-sized domestic UK companies. The focus will be on some of the different approaches that were taken, the things that worked, and the things that failed miserably. In the end, the audience will be able to take away real-world experiences for consideration. The talk will start by discussing some of the more interesting angles the speaker has seen when presenting the business case for investment in a security integration project. This includes stepping outside the traditional security professional's arguments and adopting the viewpoint of other parts of the organization. The speaker will then discuss the age-old IT consultant's mantra of People, Process and Technology and where security practices fit in. The focus will be on process and people rather than technology. Building on the business case and the ideas around people and process, we will discuss how to move forward with integrating information security practices into the SDLC. Lastly, we'll talk about the 'gotchas': the pitfalls, traps and other 'bad things', from perceptions to internal politics. These are discussed in a light-hearted manner through example experiences and 'war stories'. The speaker hopes they will be considered at the beginning of a security initiative or project as part of project risk and critical success factors!