Operational Project Support
Project-internal responsibilities for IT security are vital for meeting security requirements and duties that are constantly increasing. This primarily concerns projects that build security-critical applications, and especially those that do so based on an agile approach, where new security-relevant requirements can be introduced continuously.
Such a role is often called Security Champion. Project security officer or security architect are also widely used terms, depending on the assigned tasks.
Examples of activities in this area are:
- Identification of suitable security measures and creation of the relevant tickets.
- Definition of the security architecture.
- Internal security contact (e.g. for dev teams).
- External security contact (e.g. to the IT security function).
- Planning and coordination of pentests and assessment of their results.
- Coordination of the remediation of identified findings.
- Execution of internal training and awareness measures.
- Integration of automated security tools into the build pipeline.
- Maintenance of security documentation (e.g. security concepts).
- Execution of threat and risk assessments.
Lack of know-how in particular is a common problem when it comes to filling such a role in practice. We can support you here in different ways, e.g.:
- Providing qualified project resources
- Training and coaching of existing project members
- Implementation and coordination of internal security communities