Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Application Security without rose colored glasses

686 visualizaciones

Publicado el

  • If you need your papers to be written and if you are not that kind of person who likes to do researches and analyze something - you should definitely contact these guys! They are awesome ⇒⇒⇒ ⇐⇐⇐
    ¿Estás seguro?    No
    Tu mensaje aparecerá aquí
  • Sé el primero en recomendar esto

Application Security without rose colored glasses

  1. 1. Application security without rose-colored glasses From perspective of an infosecurity community member
  2. 2. How we see software development
  3. 3. How we see software developers
  4. 4. How we think we work together
  5. 5. How we think security controls are implemented
  6. 6. But in reality it looks different…
  7. 7. In reality software looks more like this
  8. 8. How software is maintained
  9. 9. How we see ourselves
  10. 10. How we feel they see us
  11. 11. How they really see us
  12. 12. How we see policies
  13. 13. How they see policies
  14. 14. How they see our initiatives
  15. 15. What we get in the end
  16. 16. Where this leads to
  17. 17. Why is this happening?
  18. 18. #1. Communication vacuum We are sending this artifact to save their planet Complete vacuum What is this? Where has it come from? What do we do with it? ? ? ?
  19. 19. #2. No balance between the desiredresult and effort needed to be spent in order to achieve it
  20. 20. How to fix this?
  21. 21. Communication is the key1. Eliminate vacuum in communications2. Get closer to target audience, talk to them, get their feedback3. Work together to ensure that the target is realistic to achieve and all necessary tools and resources are available4. Find balance between desired result and effort spent to achieve it – otherwise there will be no result at all5. Don’t stop when agreement is made and artifacts are produced. This is only the beginning6. Continuously analyze results of your work and try to find sources of any issues, adjust accordingly
  22. 22. Policy maintenance is a continuous process Policy Policy PublicationAdjustments Feedback Publication Report to manager Analysis of Done Results
  23. 23. P.S.
  24. 24. How they see me
  25. 25. How I see myself
  26. 26. Contact 10/10/2012