Regulatory compliance activities are increasingly focusing on application security, rather than network security, as the primary means to protect data. Why? Because insecure applications are the biggest threat to data – and the evidence supports this. Both Verizon Business and NIST reported that over 90% of data breaches occur at the application layer.
As a result, regulators and industry standards bodies have dutifully added explicit and implicit security requirements as they relate to application development practices. However, these requirements are often difficult to understand, and the security activities that need to be introduced within the development process are not well known.
This whitepaper presents a practical approach to mapping application security practices to compliance requirements.