Measuring Progress in Application Security

Monday February 01, 2010 - 12pm ET / By Leonel Navarro, Project Management Professional

Preface

The most important goal of an application security (appsec) program is to secure the organization’s information assets and keep the security infrastructure breach-free. A successful program is not a one-time project but an ongoing effort that constantly provides education, guidance and tools. The only way to really understand how such a program is working is to implement an effective performance tracking system supported by the right metrics.

The appsec program starts with a comprehensive application vulnerability detection strategy, as discussed in a previously published whitepaper, and requires the right mechanisms to measure its ability to meet the following objectives:

  • Constantly assess the overall risk of the application portfolio
  • Identify the specific root cause of each appsec problem
  • Strengthen trust and credibility with upper management by continuously showing results and program progress
  • Support third-party vendor management by tracking each vendor’s appsec performance
  • Speed up the resolution of appsec problems
  • Constantly reinforce the program’s overall business value for the organization

In this document we share six conditions we have identified as essential for establishing a solid path toward a metrics-driven application security program, one that transforms raw data into reliable, accurate and precise information.

1. Understand the different types of threats
2. Identify key performance indicators (KPIs) and define SMART metrics
3. Establish a well-defined and measurable process
4. Rate vulnerabilities within the appropriate context
5. Create a vulnerability tracking system
6. Make metrics visible to management

© Valores Corporativos Softtek S.A. de C.V.