Getting Started

Security Information Overload

A simple Internet search will find a large amount of security-related information.  The information ranges from today's security breach to academic research.  Separating out the useful information is a challenge even for security professionals.

For a product team that needs to gather security information quickly to get started, this information overload is a challenge that can cause product delays.  Delays can come through hesitation to get started, new information arriving in the middle of development, or discovery of an unknown requirement before release.

Efforts to summarize the available information tend to be "lists of lists" that, while helpful, do not target the needs of Product Development and the Product Development Team.  Each member of the team has a different role and different needs for information.  The list of Resources provided below attempts to provide a starting point for each team member to quickly become familiar with security information in their area and enable them to find out more as required.

Product Manager

Determining a market need for a secure product and justifying the investment in security development are key challenges.  Organizations new to security can see security as an unneeded risk to development timelines or as added expense/overhead, making the Product Manager's challenge difficult.  Whether security is an innovative product feature, a basic market requirement, or anything in between, the Product Manager must be able to make the business case to add security.

Security Risk/Threat Reports - These resources can provide a list of current security challenges that customers are concerned about

Internet Security Risk Report Volume 20, Symantec

Cyber Risk Report 2015, HP Security Research 

Internet of Things - Privacy and Security in a Connected World, Federal Trade Commission

Business Case for Security - Methods to help formulate the business case for security in product development

A Common Sense Way to Make the Business Case for Software Assurance

Project Manager

Managing a product being developed by a team utilizing an unfamiliar technology is always a challenge.  Like any technology, security has a set of technical and business concerns that a Project Manager must balance to ensure a successful launch.

Introduction to Security Project Management - Understanding secure project needs

Security and Project Management

Risk Management - Success in secure product development is fundamentally about risk and how well a Project Manager can manage it 

Managing Information Security Risk

Introducing OCTAVE Allegro: Improving the Information Security Risk Assessment Process

Security Development Lifecycle - Best practice processes to implement security in a product

Microsoft Security Development Lifecycle

Secmation Rapid Start

Vendor Management - Security vendors are an important part of secure development execution and require special attention from the Project Manager

Meaningful Security Service Level Agreements

Software Integrity Controls - An Assurance-Based Approach to Minimizing Risks in the Software Supply Chain

Software/Systems Architect

Developing a security architecture is a balance of understanding the product needs, security threats, available security technologies, and security verification testing.  This understanding must be specified and communicated to the product team for effective development.

Security Systems Engineering - The traditional System Engineering approach with focus on security

Systems Security Engineering, An Integrated Approach to Building Trustworthy Resilient Systems

Requirements Analysis for Secure Software

Architectural Analysis and Threat Modeling - Understand where the design is vulnerable 

Threat Risk Modeling

Architectural Risk Analysis

Industry Guidance - Security recommendations and controls that should be considered for product design

Guide to Industrial Control Systems (ICS) Security

System Security Testing - How to ensure the security designed in performs as required

Risk-Based and Functional Security Testing

Developer

The software developer's challenge is to produce working code on tight timelines to meet product deadlines.  Adding security can be difficult, but good guidance on how to implement it effectively is available and works within most development processes.

Secure Coding Practices - How to do it and what to watch out for

Fundamental Practices for Secure Code Development

Key Practices for Mitigating the Most Egregious Exploitable Software Weaknesses

Security Code Review - Add security assessment to your existing peer review process

OWASP Code Review Project 

Security Unit Testing - Check for security in code early and often in the development process

OWASP Testing Guide Version 4

Executive

As an executive in an organization, you will find that it is not only the security of your IT infrastructure that deserves additional attention; security is also a growing need in executing new product development.  Understanding and managing the security risks your organization faces is critical to profitable project execution and company growth.

Governance of Enterprise Security

Application Security Guide for CISOs

How can Secmation Help?

Even a list that aims to summarize a starting point for learning about secure product development is long.  Secmation can deliver targeted training specific to your product's needs to make the development team confident in its ability to execute the security development and keep the product on track for a successful launch.