CISO


A CISO’s Guide To Application Security – Part 5: Justifying an Investment in AppSec

This post is the last in a 5-part series on Application Security, or “AppSec”. By Fergal GlynnThis blog post series has examined the growing threats to software, defined the components of a sound AppSec program, described an evolutionary path to AppSec maturity, and considered a number of tools and technologies worthy of investment. Ultimately, it is the Chief Information Security Officer (CISO) or equivalent’s responsibility to mitigate the enterprise’s level of software risk as part of a comprehensive infosec strategy. In this, the final post in this series, let’s review the return on investment possible from a sound AppSec program, including ways to build a business case for further investment in this critical IT security discipline.


This post is the fourth in a 5-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.By Fergal Glynn, VeracodeAs we have examined in this series, the information security practice called Application Security (or “AppSec”) seeks to protect all of the software that runs a business. It has three distinct objectives:1) Measurable reduction of risk from existing applications2) Prevention of introduction of new risks3) Ensuring compliance with regulatory mandates

Editor’s Note: This post is the first in a multi-part series on Application Security, or “AppSec” prepared by our friends over at application testing firm Veracode. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk. Taken together, they are a primer on AppSec best practices that will help organizations build the business case for further investment in this critical IT security discipline.by Fergal Glynn, Veracode Inc.

Former State of Pennsylvania CISO Robert Maley has been watching all the news about his firing for talking about a security incident without permission at last month’s RSA conference. He began a talk on application security at CSO Perspectives 2010 by going off topic and addressing the controversy head on. Read the full article. [CSO]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.