Application Security Project Management
The application security management focuses on improving management processes within the organization in respect of its ability to ensure security of newly developed, purchased as well as of already productive applications.
To be able to properly adress application security on an organizational level, we need to implement a management system that we can integrate in an existing ISO 2700 Information Security Management System (ISMS).
Examples for activities in this area are:
- Management of security projects and programs.
- Assessment of application security processes (e.g. in respect to BSIMM oder OWASP SAMM)
- Development of application security policies, standards and guidelines.
- Application security risk management
- Application security portfolio management
- Coordination of pentests and other security assessments.
- Development of procurement requirements, RFPs, etc.
- Definition and implementation of metrics for application security
- Establishment of an application component patch management.
- Trainings and coachings of all kinds of stakeholder
Establishing an adequate application security management system and thereby ensuring a sustainable security improvement of internally developmed as well as purchased applications, cannot be reached by overnight. Instead it requires a company-specific roadmap including short-term, mid-term and long-term goals, objectives and KPIs that is followed and improved step-by-step.