Manage Risk by Building Information Security into Your Projects.

Session Overview
Developed and offered by the NYS Forum's Security Work Group

As organizations continue to grow on a global scale, one of the most significant factors contributing to their success is the ability to securely enable the business, aligning business requirements with information technology (IT) solutions. With an increasing number of employees, contractors, suppliers, dealers, business partners, and other types of users requiring access to sensitive data, applications, and supporting infrastructures, organizations are left to grapple with the need to effectively protect applications across the enterprise, while providing enough access to support strategic initiatives.

With the need to expand IT borders and resources to external users, it is essential to protect the environment from all types of attacks, both internal and external. Combined with standard information security approaches and tools, such as firewalls, demilitarized zones, intrusion detection systems, and intrusion prevention systems, the integration of security throughout the system development lifecycle (SDLC) provides a comprehensive mechanism for securing the environment against existing and potential threats.

In this session, Deb Snyder (NYS Office of Temporary and Disability Assistance) and Mark Spreitzer (CGI Group, Inc.) will discuss an industry-recognized approach to integrating security into the SDLC. This shared-services approach embeds secure coding principles into the SDLC, using a set of controlled vulnerability tests (a combination of automated scanning tools and manual testing techniques) to assess each application from an attacker's perspective. It combines secure coding principles (NIST, Microsoft, OWASP, and CERT), standardized testing for security vulnerabilities, and a focus on the various methods and approach vectors utilized by cyber attackers and other malcontents. During the session, we will also discuss how this shared-services approach has been leveraged to secure the enterprise at another large state agency, saving millions in cost avoidance alone.

Adopting secure development practices not only increases your organization's security but also delivers real and measurable business and cost benefits.


Note: The presentation link below opens in a new window. If you are unable to open the provided format or require a different one, please contact us and we will provide an alternative format.


Time & Place: