Application Security Project Management
Application security management focuses on improving the management processes within an organization with respect to its ability to ensure the security of newly developed, purchased, and already productive applications.
To be able to properly address application security on an organizational level, we need to implement a management system that we can integrate into an existing ISO 2700 Information Security Management System (ISMS).
Examples of activities in this area are:
- Management of security projects and programs
- Assessment of application security processes (e.g. with respect to BSIMM or OWASP SAMM)
- Development of application security policies, standards, and guidelines
- Application security risk management
- Application security portfolio management
- Coordination of pentests and other security assessments
- Development of procurement requirements, RFPs, etc.
- Definition and implementation of metrics for application security
- Establishment of application component patch management
- Training and coaching of all kinds of stakeholders
Establishing an adequate application security management system, and thereby ensuring sustainable security improvement of both internal development and purchased applications, cannot be achieved overnight. Instead, it requires a company-specific roadmap with short-term, mid-term, and long-term goals, objectives, and KPIs that is followed and improved step by step.