Cigital’s Agile Security Manifesto


I tend to operate in accordance with the four principles of Cigital's recent Agile Security Manifesto.

NOTE: I cannot state whether I've employed Cigital professionally but I have had interaction with them in my career.

Standardize Your Security In An Agile Culture

Thoughts on Information Security and Risk Management in an Agile Culture

Narrated slidedeck from a presentation given at the Chattanooga chapter of ISSA.

In keeping with the Ides of March timing of the presentation, I chose to model my analogy to include references to Julius Caesar and Mark Antony.

Information Security Costs May Be Delayed But At What Price

Software solutions delivered to market cost money. Secure software solutions, or products and services with a critical dependency on secure software solutions, cost more money. Hospira is finding this out with its older medical pumps in the Symbiq line.

An examination room at a doctor’s office.

Delivery IS Business

Whether your business' core competencies involve products, services or legally binding promises, delivery is a measuring stick that's used to evaluate you.

Do you deliver what customers want ahead of the industry? Do you deliver it better or cheaper? Do you deliver a different experience; are you a boutique for your industry?

Data Breach Breaking Point Prediction

The Catalyst

I was enjoying Episode 82 of the Defensive Security podcast with Mr Jerry Bell (@MaliciousLink) and Mr Andrew Kalat (@Lerg).  About 18 minutes into the podcast they comment on how few people care about data breaches and wonder what will have to happen before non-infosec people react to data breaches (particularly credit/debit card breaches).