
Measuring Security Best Practices with OpenSAMM


Presentation Transcript


  1. Measuring Security Best Practices with OpenSAMM Alan Jex SnowFROC 2013

  2. Introductions Alan Jex: Chief Security Architect at HP PPS Organization alan.jex@hp.com

  3. Outline
     • Security Concerns and Goals
     • OpenSAMM Framework
     • Business Functions
     • Security Practices
     • Assessments
     • Scorecards
     • Roadmaps

  4. Security Concerns
     • What is your biggest security risk?
     • What compliance requirements drive your business?
     • How do you handle security incidents?
     • Does your development team produce secure code?

  5. Security Goals
     • Avoiding the “big one” (data breach)
     • Protecting the company brand
     • Managing real security risks
     • Developing a secure software development lifecycle (SDLC)
     • Enabling new business

  6. Are you stuck?

  7. Enter OpenSAMM
     • SAMM is:
       • A Software Assurance Maturity Model
       • An open framework for
         • Measuring security practices
         • Finding vulnerabilities earlier
       • Lightweight, Flexible, Simple-to-understand, and Complete
       • An OWASP project

  8. 4 Business Functions

  9. 12 Security Practices

  10. Policy and Compliance

  11. Security Requirements

  12. Security Testing

  13. Vulnerability Management

  14. SAMM Assessments • SAMM assessment is lightweight or detailed according to your security process

  15. SAMM Assessments • SAMM provides assessment worksheets for every Security Practice

  16. SAMM Scorecard
     Levels are from 0 to 3:
     0: Starting point
     1: Ad hoc (manual)
     2: Increased effectiveness (automated)
     3: Comprehensive mastery (audited)

  17. SAMM Roadmap

  18. SAMM Roadmap
     • Build your Security Program in phases
     • Implement levels based on security risk

  19. Roadmap Templates
     • Online Service Provider
     • Government
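As an added illustration of slides 14 to 19 (this is example code, not part of the presentation or of the OWASP SAMM project), the Python below turns worksheet answers into a 0 to 3 scorecard per practice, averages the scores per business function, and lists the gap to a roadmap phase target. The business function and practice names are those of SAMM 1.0, the release current in 2013; the slides themselves name only four of the twelve practices. The scoring rule (a practice holds level N only when every worksheet question at N and at all lower levels is answered yes), the sample answers and the phase-1 targets are assumptions made for this example.

```python
"""Toy SAMM-style scorecard: constructed worksheet answers -> 0..3 level per
practice -> per-function averages and the gap to a roadmap phase target.
Added example; the scoring rule, sample answers and targets are assumptions."""

from statistics import mean

# SAMM 1.0 business functions and their twelve security practices.
BUSINESS_FUNCTIONS = {
    "Governance": ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
    "Construction": ["Threat Assessment", "Security Requirements", "Secure Architecture"],
    "Verification": ["Design Review", "Code Review", "Security Testing"],
    "Deployment": ["Vulnerability Management", "Environment Hardening", "Operational Enablement"],
}

# Scorecard levels as named on slide 16.
LEVEL_NAMES = {
    0: "Starting point",
    1: "Ad hoc (manual)",
    2: "Increased effectiveness (automated)",
    3: "Comprehensive mastery (audited)",
}


def practice_level(answers):
    """Assumed scoring rule: a practice holds level N only if every worksheet
    question at level N and at every lower level is answered yes (True).
    `answers` maps a level (1..3) to the list of yes/no answers for it."""
    level = 0
    for n in (1, 2, 3):
        questions = answers.get(n, [])
        if questions and all(questions):
            level = n
        else:
            break  # a gap at this level caps the score, whatever is answered above it
    return level


def scorecard(worksheets):
    """Level for every one of the twelve practices; unassessed practices score 0."""
    return {
        practice: practice_level(worksheets.get(practice, {}))
        for practices in BUSINESS_FUNCTIONS.values()
        for practice in practices
    }


def function_averages(card):
    """Mean level per business function, rounded to one decimal."""
    return {
        function: round(mean([card[p] for p in practices]), 1)
        for function, practices in BUSINESS_FUNCTIONS.items()
    }


def roadmap_gaps(card, targets):
    """Practices still below their phase target: practice -> (current, target)."""
    return {p: (card[p], t) for p, t in targets.items() if card[p] < t}


# Constructed worksheet answers for the four practices the slides name.
SAMPLE_WORKSHEETS = {
    "Policy & Compliance": {1: [True, True], 2: [True, False], 3: [False, False]},
    "Security Requirements": {1: [True, True], 2: [True, True], 3: [False, True]},
    "Security Testing": {1: [True, True], 2: [True], 3: [True, True]},
    "Vulnerability Management": {1: [False, True], 2: [False], 3: [False]},
}

# Constructed phase-1 targets: higher-risk practices get the higher target (slide 18).
PHASE1_TARGETS = {
    "Policy & Compliance": 2,
    "Security Requirements": 2,
    "Security Testing": 2,
    "Vulnerability Management": 1,
}

if __name__ == "__main__":
    card = scorecard(SAMPLE_WORKSHEETS)
    for practice, level in card.items():
        print(f"{practice:26} {level}  {LEVEL_NAMES[level]}")
    print("Per function:", function_averages(card))
    print("Phase-1 gaps:", roadmap_gaps(card, PHASE1_TARGETS))
```

With the constructed answers, Policy & Compliance stops at level 1 because one level-2 question is a no, Security Requirements reaches level 2, Security Testing reaches level 3, and Vulnerability Management stays at 0 because a level-1 question is a no; the phase-1 gap list therefore names only Policy & Compliance and Vulnerability Management, which is the risk-ordered to-do list a roadmap phase is built from.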

  20. Summary
     • SAMM allows you to:
       • Measure and improve security best practices
       • Focus on security risk to make effective use of security resources
       • Find vulnerabilities earlier in the development process
       • Prevent rather than react to security incidents

  21. References Security Maturity Models

  22. Questions?
