The CISO's Guide to Application Security

As the cost of a data breach continues to rise each year, CISO's and other executives are facing the difficult challenge of establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.

Unfortunately, many organizations have a software development lifecycle (SDLC) that lacks rigor and discipline, leaving them vulnerable for an attack along with the potential loss of revenue, customer impact, and tarnished brand integrity. Experts agree that building security into the SDLC with proper policies, skills, activities, and controls will enhance Application Security significantly. This paper outlines how CISO's and executive level management can plan for and implement an effective Application Security program.

Highlights include:

  • Planning for Application Security: Consider goals for each phase of the SDLC, including requirements, design, coding, testing, and deployment.
  • Optimizing your Secure SDLC: Integrating the right tools, activities and skills will reduce vulnerabilities and facilitate compliance.
  • Implementing an Application Security Training Program: Learn how to effectively train employees, set up policies and standards, and test applications for vulnerabilities.
  • A CISO's perspective: Get tips from John J. Masserini, CISO of Miax Options, on deploying a successful application security program within your organization.

Bonus: The Application Security Handbook

In addition to the CISO's Guide to Application Security, you'll also receive a comprehensive, 32-page handbook covering in detail what CISO's and enterprise information risk decision makers need to understand key application security issues in order to effectively prioritize efforts and mitigate risks.