1. Succeeding with Enterprise Software Security Key Performance Indicators
2. KPI = Key Performance Indicator
3. A key performance indicator (KPI) is a measure of performance, commonly used to help an organization define and evaluate how successful it is, typically in terms of making progress towards its long-t…
4. Show relative distance to a goal
5. Establish relevance to org
6. Establish relevance to security
7. A: Implemented mandatory testing
8. Relative distance to goal; Relevance to organization; Relevance to security
9. Security items (examples): static analysis process; dynamic analysis process; integrating testing tools; developer awareness
10. Impact of a security item to the release timeline
11. Security items (examples): integrating security testing early in development; providing templates for 'fixes'; defining pre-built code modules
12. Impact of a security item to the uptime of the application/service
13. Security items (examples): continuous security monitoring; continuous/regular testing; remediation of exploitable vulns
14. Security items (examples): mandatory peer review of code; required stage-gates to production w/security sign-off; accountability by LOB VP
15. Minimize injection (A1) defects in new software releases
16. Follow the wh1t3rabbit.
Description:
Learn how to implement effective Key Performance Indicators (KPIs) for enterprise software security in this 58-minute conference talk from BSides Nashville 2014. Explore the importance of KPIs in measuring organizational success and progress towards long-term goals. Discover how to establish relevant security metrics, including implemented mandatory testing, static and dynamic analysis processes, and developer awareness. Examine the impact of security measures on release timelines and application uptime. Gain insights into integrating security testing early in development, providing fix templates, and implementing continuous security monitoring. Understand the value of mandatory peer code reviews, security sign-offs, and accountability measures. Apply these strategies to minimize injection defects and enhance overall software security in your enterprise.