January 2008. BugSec Products Challenges Data security aspects become a critical elements in modern...
-
Upload
terrence-harless -
Category
Documents
-
view
216 -
download
2
Transcript of January 2008. BugSec Products Challenges Data security aspects become a critical elements in modern...
January 2008
BugSec ProductsBugSec Products
ChallengesChallenges
Data security aspects become a critical elements in modern companies proceeding.
Many organizations are required to comply with information security standards, such as PCI, BASEL II, HIPAA, SOX and more
Because of these regulations and threats, implementation of a new software or system becomes very “painful” and takes a long time
The Present SituationThe Present Situation
Security problems may cause unnecessary costs and schedule delays
Systems must undergo penetration tests before production
At the final stage, the development of each solution necessitates the investment of extensive resources
Conclusion:Conclusion:The implementation of security means during the development process
saves time and money
FactFact
NIST (National Institute of Standards and Technology):
“…the cost of fixing defects after deployment is almost fifteen times greater than detecting and eliminating them during development”
Sec2Pro FunctionsSec2Pro Functions
Increases awareness to the importance of information security
Implements security best practices into development processes
Automates procedures, ensures their assimilation by programmers, keeps track of their implementation in practice
Receives feedback from programmers regarding adherence to guidelines
Produces control reports for management(Cont.)
Sec2Pro Functions Sec2Pro Functions (cont.)(cont.)
Significantly reduces penetration testing timesVerifies compliance with required standards and
regulationsProvides programmers with ongoing updates regarding
threats and newly issued regulatory requirements
Sec2ProSec2Pro
Integrated hardware (appliance) / software system Straightforward assimilation and operation “Translation” of regulations and standards into specific
instructions Broad knowledge base for all development environments and
infrastructure Intuitive, efficient and accessible knowledge base Ongoing updates regarding technological issues and regulatory
requirements Online communication among all project components through
one system
Sec2ProSec2Pro
Sec2Code includes 2 configurations: Notifier – tracks code writing and refers the programmer
to relevant information in the knowledge base Project Checklist – manages security aspects during
programming
Sec2Net Procedures and a checklist for hardening IT
infrastructures
Opening a New ProjectOpening a New Project
Opening a new project includes the participants, software languages and regulations
Click to enlarge
Back
Interrogation & Input DataInterrogation & Input Data
The system generates a checklist according to the project definitions
Click to enlarge
Back
Programmer SupportProgrammer Support
The system provides the programmer with detailed explanations, including suggestions on how to resolve a variety of problems – from fundamental issues to examples of relevant codes
Click to enlarge
Back
Reporting ToolsReporting Tools
The system provides managers with on-line progress reports
Click to enlarge
Back
Sec2Code NotifierSec2Code Notifier
Subtle pop-up notification appears when an object requires attention
A hyperlink directs to the relevant page in the knowledge base
The application is transparent to the user
Click to enlarge
Back
Sec2Code NotifierSec2Code Notifier
System BenefitsSystem Benefits
Unique “open architecture” moduleAbility to add checklists of any kindOrganizations can independently construct tailored
development environments meeting their specific needs
Shorter penetration testing times Ability to set earlier project launch datesReduced dependency on external consulting services
Thank YouThank You
For more details cont us:
11 Moshe Levi St., Rishon le Zion 75070, IsraelTel: +972-3-9622655 | Fax: +972-3-9511433 | E-mail: [email protected]
Visit us at our website: www.bugsec.com