software security transformation - wordpress.com · security hardening. transformation project...
![Page 1: Software Security Transformation - WordPress.com · security hardening. transformation project tracks track 1: it infrastructure track 2: core enterprise erp track 3: other software](https://reader030.vdocuments.mx/reader030/viewer/2022041113/5f2050a492d60162f56daae8/html5/thumbnails/1.jpg)
Software Security Transformation
Nahil Mahmood
CEO, Delta Tech
Quality software is secure software
Pakistan’s Security Posture
Reactive
Superficial
Contentious
Governance Overkill
DENIAL
Information Security: Ground Realities
IT
InfoSec
Compliance
Risk
Audit
Security Transformation
4 Layer Transformation Model
Security Governance
Security Engineering
Vulnerability Management
Security Hardening
Transformation Project Tracks
TRACK 1: IT INFRASTRUCTURE
TRACK 2: CORE ENTERPRISE ERP
TRACK 3: OTHER SOFTWARE (INTERNAL/EXTERNAL)
TRACK 4: DESKTOPS & BROWSERS
TRACK 5: VULNERABILITY MANAGEMENT
TRACK 6: MOBILE SECURITY / BYOD
TRACK 7: ISMS DOCUMENTATION & PROCESSES
Software Security Program
1. Select Controls
2. Pilot Project
3. Validate Controls
4. Automated / Manual Testing
5. Penetration Testing
6. Change Management
7. Production
Software Security [Testing]
QA SECURITY
Software Security Resources
OWASP MSTG (Mobile Security Testing Guide)
OWASP MASVS (Mobile Application Security Verification Standard)
OWASP SAMM (Software Assurance Maturity Model)
SAMM-2 (OWASP SAMM version 2)
Conclusion – Software Security Transformation
• Committed software security program
• Merge software security & QA
• Practical frameworks and tools available
• Education, training, learning
• Security leadership
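The deck's thesis (quality software is secure software; merge software security and QA) in working form, as an added example that is not from the original slides or from Delta Tech: one test suite in which functional cases and abuse cases run under the same harness and the same release gate, so a security regression blocks production exactly like a functional one. The order-line validator, the limits MAX_QTY and MAX_UNIT_PRICE, and every test case below are assumptions constructed for illustration.

```python
"""Security checks as ordinary QA tests: one suite, one release gate.

Added example, not from the original deck. The order-line validator,
its limits and the test cases are assumptions chosen to show that a
functional defect (bad quantity/price handling) is also an abuse case.
"""
import re
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation

MAX_QTY = 10_000                         # assumed business limit per line
MAX_UNIT_PRICE = Decimal("1000000.00")   # assumed upper bound on a price
SKU_RE = re.compile(r"[A-Za-z0-9]{1,32}")  # ASCII only; no quotes, no spaces
QTY_RE = re.compile(r"[0-9]+")             # ASCII digits only (see usage note)


class ValidationError(ValueError):
    """Raised for any untrusted field that fails validation."""


@dataclass(frozen=True)
class OrderLine:
    sku: str
    quantity: int
    unit_price: Decimal

    @property
    def total(self) -> Decimal:
        return self.unit_price * self.quantity


def parse_order_line(sku: str, quantity: str, unit_price: str) -> OrderLine:
    """Parse untrusted form fields into an OrderLine or raise ValidationError."""
    if not SKU_RE.fullmatch(sku):
        raise ValidationError("sku must be 1-32 ASCII alphanumerics")
    if not QTY_RE.fullmatch(quantity):     # rejects "-5", "1e9", "5 ", non-ASCII digits
        raise ValidationError("quantity must be an unsigned integer")
    qty = int(quantity)                    # may be huge; range check below
    if not 1 <= qty <= MAX_QTY:
        raise ValidationError("quantity out of range")
    try:
        price = Decimal(unit_price)
    except InvalidOperation:
        raise ValidationError("unit_price is not a decimal") from None
    # is_finite() first: comparing a Decimal NaN with < raises InvalidOperation
    if not price.is_finite() or price < 0 or price > MAX_UNIT_PRICE:
        raise ValidationError("unit_price out of range")
    if price != price.quantize(Decimal("0.01")):
        raise ValidationError("unit_price must have at most two decimals")
    return OrderLine(sku, qty, price)


# One suite: functional ("qa") and abuse ("security") cases side by side.
# Each entry: (name, category, sku, quantity, unit_price, expect_ok). Constructed.
SUITE = [
    ("happy path",            "qa",       "ABC123", "2",      "19.99",  True),
    ("max quantity",          "qa",       "ABC123", "10000",  "0.01",   True),
    ("zero quantity",         "qa",       "ABC123", "0",      "19.99",  False),
    ("negative qty (refund)", "security", "ABC123", "-5",     "19.99",  False),
    ("huge qty (overflow)",   "security", "ABC123", "9" * 30, "19.99",  False),
    ("negative price",        "security", "ABC123", "1",      "-19.99", False),
    ("NaN price",             "security", "ABC123", "1",      "NaN",    False),
    ("sku with SQL chars",    "security", "A'--",   "1",      "1.00",   False),
    ("non-ASCII digit qty",   "security", "ABC123", "\u0663", "1.00",   False),
]


def run_suite(cases=SUITE) -> dict:
    """Run every case; return pass/fail counts per category plus failing names."""
    report = {"qa": {"passed": 0, "failed": 0},
              "security": {"passed": 0, "failed": 0},
              "failures": []}
    for name, category, sku, qty, price, expect_ok in cases:
        try:
            parse_order_line(sku, qty, price)
            accepted = True
        except ValidationError:
            accepted = False
        if accepted == expect_ok:
            report[category]["passed"] += 1
        else:
            report[category]["failed"] += 1
            report["failures"].append(name)
    return report


def release_gate(report: dict) -> bool:
    """The merged gate the deck argues for: a security failure blocks release
    on the same terms as a functional failure."""
    return report["qa"]["failed"] == 0 and report["security"]["failed"] == 0


if __name__ == "__main__":
    result = run_suite()
    print(result)
    print("release allowed:", release_gate(result))
```

Two of the abuse cases are there because the obvious implementation gets them wrong: `str.isdigit()` accepts "\u0663" (an Arabic-Indic digit) and `int()` happily converts it, so the quantity check uses an ASCII-only regex; and a `Decimal("NaN")` raises `InvalidOperation` on `<` comparison, so `is_finite()` is tested before any range comparison. Both are quality bugs and abuse vectors at once, which is the point of keeping them in the same suite.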