Upcoming Webcasts


Jason Taylor,
CTO, Security Innovation

Mr. Taylor leads the strategic direction for all technology and security initiatives at Security Innovation. He is an external reviewer, contributor and primary author for Microsoft patterns & practices security guidance and has written several articles for CIO Update.

Mark Merkow,
Former FS-ISAC Education Committee Chair
CISSP, CISM, CSSLP

Mr. Merkow has held various Information Security positions for global financial services companies in his 35+ year career. He is author or co-author of 14 books on topics such as "Secure and Resilient Software Development" and "Security Assurance Using the Common Criteria." Mr. Merkow is a former chairman of the FS-ISAC Education Committee and helped lead the development of the BITS Software Assurance Framework.

Implementing the BITS Software Assurance Framework

Date: Thursday, August 1

Time: 1:00-2:00PM (EDT)

The BITS Software Assurance Framework was written by financial services companies as a collection of best practices that organizations can use to integrate security into their software development lifecycle (SDLC) and harden applications against cyber attack. However, the prescribed activities can be applied by any organization developing applications.

This webcast, delivered by two application security experts (one a former chairman of the FS-ISAC Education Committee who was a key contributor to the BITS Framework), will discuss the motivations behind the framework's creation, key best practices for adoption, and perspectives on which parts of the BITS Software Assurance Framework can provide the most immediate impact.

Topics Covered:

  • BITS Software Assurance Framework – Quick overview
  • An Information Security Professional's perspective
    • Real-world challenges in the financial services industry
  • Key secure development activities
    • Architecture, Design and Code Reviews
    • Threat Modeling
    • Defensive Coding
    • Security Testing
  • Key areas from which to gain immediate leverage
    • Role-, Platform- and Technology-specific training
    • Secure Development Standards
  • Maturing your application security program
    • Identifying gaps in skills and activities
    • Creating a roadmap
    • Optimal Sequencing of new activities
