Operational Project Support
Project-internal responsibility for IT security is vital for meeting security requirements and obligations that are constantly increasing. This primarily concerns projects that build security-critical applications, and especially those that do so using an agile approach, where new security-relevant requirements can be introduced continuously.
Such a role is often called Security Champion. Project security officer and security architect are also widely used terms, depending on the assigned tasks.
Examples of activities in this area are:
- Identification of suitable security measures and placement of relevant tickets.
- Definition of security architecture.
- Internal security contact (e.g. to dev teams).
- External security contact (e.g. to IT security function).
- Planning and coordination of pentests and assessment of their results.
- Coordination of remediation of identified findings.
- Execution of internal training and awareness measures.
- Integration of automated security tools into the build pipeline.
- Maintenance of security documentation (e.g. security concepts).
- Execution of threat and risk assessments.
In practice, a lack of know-how is one common problem when it comes to filling such a role. We can support you here in different ways, e.g.:
- Providing qualified project resources
- Training and coaching of existing project members
- Implementation and coordination of internal security communities