SECURITY EDUCATION CATALOGUE


TABLE OF CONTENTS

Introduction
Security Awareness Education
  Security Awareness Course Catalogue
  Security Awareness Course Builder
  SAE Print Material
Secure Code Development
  Secure Development Catalogue
  Secure Code Development Course Builder

INTRODUCTION

The human factor - what employees do or don't do - is the biggest threat to an organization's information security, yet it's often the most overlooked. Whether they are swiping credit cards, handling clients' personal information, or developing software solutions for your business, your employees are ripe targets for information thieves seeking access to your sensitive data - if you do not help them learn to protect it.

Arm yourself with security education for staff and partners. Use this catalogue to browse Trustwave's security education offerings, including security awareness training for all staff and secure software development courses for technical staff. If you have questions, reach out to your Trustwave account manager or use the Contact Us section of the Trustwave website.

Section Introduction: Security Awareness Education (SAE)

Every Trustwave Security Awareness Education (SAE) program is customized for you, the client. Your options include how your online security awareness training course will be set up and what additional print-based materials you would like to order to reinforce your program all year round. This section is designed to help guide you through these options and choose the program that is right for you and your organization.

SAE Course Catalogue: Use these pages to browse our growing library of security awareness lessons. Categorized by areas of interest, each lesson's catalogue code, topic and objectives are listed here to help you decide which topics are most appropriate for your target audience(s). You may also view all of our lessons in the Trustwave SAE Portal itself - contact your Trustwave account manager if you would like to receive a free trial account on our service.

SAE Custom Course Builder: This page lists the lessons included in each of our course offerings for the most common types of organizational roles targeted for security awareness training. If these combinations don't fit your organization's needs just right, or you'd like to include additional materials such as quizzes or your organization's own information security policies as part of the course, use the interactive spaces at the bottom of the page to identify the contents of the custom course(s) you would like us to build.

SAE Pamphlets: Do you employ cashiers and servers who do not have ready access to computers at work? Do you hire temporary workers whose schedules don't allow much time for training? No problem. Instead of enrolling this population in our online service, you can order our security awareness training brochures suitable for front-line workers. The content of the brochures is the same as what is included in our online course. Brochures are currently available in English, Spanish and Portuguese.

SAE Posters: Often, organizations administer formal security awareness training only once per year. Including SAE posters in your office environment reminds employees year-round of their security awareness responsibilities.

Security Awareness Course Catalogue

Each course in your Security Awareness Education (SAE) program can be comprised of one or more of the following lessons. Use this guide to identify the lessons you would like to include in each course. If you have any questions, or if you would like to receive a free trial account on the Trustwave SAE Portal, contact your Trustwave account manager for more information.

COMPLIANCE OVERVIEWS - COM lessons cover the basic principles of various compliance standards mandating training and other information security measures.

COM-01 PCI Overview
  Lesson objective: Recognize how the Payment Card Industry (PCI) self-regulates to protect cardholder data.
  Supporting objectives: Recognize the key PCI stakeholders, and common merchant acceptance channels and classifications. Recognize the cycle of a credit card transaction. Describe the PCI regulatory environment and recognize high-level compliance requirements.

COM-02 HIPAA Overview
  Lesson objective: Recognize how U.S. HIPAA and HITECH laws protect the privacy and security of protected health information (PHI).
  Supporting objectives: Recognize key HIPAA and HITECH stakeholders. Recognize the purpose and scope of the HIPAA privacy and security rules. Describe the HIPAA regulatory environment and recognize high-level compliance requirements.

COM-03 FFIEC Overview - Coming soon.

COM-04 PIPEDA Overview - Coming soon.

CORE CONCEPTS - COR lessons cover basic security awareness concepts that all employees should understand. We recommend including these 5-minute lessons for all your staff.

COR-01 Information Security
  Lesson objective: Demonstrate basic knowledge of information security.
  Supporting objectives: Define information security and recognize the importance of protecting information.

COR-02 Security Awareness
  Lesson objective: Demonstrate basic knowledge of security awareness.
  Supporting objectives: Define security awareness and recognize its importance.

COR-03 Sensitive Information
  Lesson objective: Define sensitive information, list the types of sensitive information that exist, and recognize the basic procedures for control, storage and destruction of information.
  Supporting objectives: Define sensitive information. Recognize how to identify and categorize information. Recognize the basic procedures for the control, storage and destruction of sensitive information. List best practices for discussing sensitive information.

SECURITY AWARENESS TOPICS - SAT lessons cover best practices for common types of tools and activities on the job. Include all those that apply to your employees' work activities.

SAT-01 Social Engineering
  Lesson objective: Define social engineering and recognize common threats to information security and how to avoid becoming a victim.
  Supporting objectives: Define social engineering, recognize who is at risk of becoming a victim and list the types of information targeted by social engineers. List the most common channels for social engineering, and recognize popular ploys. List best practices to avoid becoming a victim of social engineering.

SAT-02 Physical Security
  Lesson objective: Define physical security, recognize common threats and list best practices.
  Supporting objectives: Define physical security, recognize the importance of physical security and list the information at risk. Recognize common attacks on physical security. Recognize physical security vulnerabilities and best practices for securing your workplace.

SAT-03 PC Security
  Lesson objective: Define PC security, recognize common threats and list best practices.
  Supporting objectives: Define PC security and recognize the risks of leaving your computer unprotected. List and describe common PC attacks, vulnerabilities, and user mistakes that put your information and systems at risk. List and describe critical PC security measures and best practices.

SAT-04 E-mail Security
  Lesson objective: Define e-mail security, recognize common threats and list best practices.
  Supporting objectives: Define e-mail security and recognize the risk to information security if secure practices are not in place. Recognize the most common e-mail scams and the measures you can take to avoid becoming a victim. List best practices for using e-mail securely.

SAT-05 Password Security
  Lesson objective: Define password security, recognize common threats and list best practices.
  Supporting objectives: Define password security and recognize the importance of keeping passwords protected. List the ways password protection may be used to keep information secure. List basic rules for building a strong password and recognize best practices for effective password use.

SAT-06 Web Browsing Security
  Lesson objective: Define Web browsing security, recognize common threats and list best practices.
  Supporting objectives: Define Web browsing security and recognize the risks of visiting unknown and unsecured websites. List the most common Web security threats and recognize how you may put your organization's information at risk. List and describe best practices for browsing the Web securely.

SAT-07 Mobile Device Security
  Lesson objective: Define mobile device security, recognize common threats and list best practices.
  Supporting objectives: Define mobile device security and recognize the risks of leaving your device unprotected. Recognize common mobile device attacks and user mistakes that put information at risk. List and describe common mobile device security measures.

SAT-08 Online Banking Security
  Lesson objective: Recognize the risks and threats that come with online banking, as well as the technology and security best practices available to help combat such threats.
  Supporting objectives: Recognize ways information is stolen from online accounts. Recognize the monetary risk of security incidents and the top attack targets used by criminals. Describe how banks and their customers work together to protect valuable information.

BEST PRACTICES FOR JOB ROLES - JRT lessons target specific job roles within an organization. Each course may contain one JRT lesson to cover best practices for the target role.

JRT-01 Secure Practices for Retail Associates
  Lesson objective: Recognize the security awareness responsibilities of retail associates and the laws, regulations, methods and best practices that help keep information secure in the retail environment.
  Supporting objectives: Recognize the information security responsibilities of retail associates and the related laws and regulations that impact the retail environment. List and describe the information security responsibilities and best practices of retail associates.

JRT-02 Secure Practices for Retail Managers
  Lesson objective: Recognize the security awareness responsibilities of retail managers and the laws, regulations, methods and best practices that help keep information secure in the retail environment.
  Supporting objectives: Recognize the security responsibilities of retail managers or owners and the information security laws and regulations that impact the retail environment. List and describe the information security responsibilities and best practices of retail managers.

JRT-03 Secure Practices for Call Center Employees
  Lesson objective: Recognize the security awareness responsibilities of call center employees and the laws, regulations, methods and best practices that help to keep information secure.
  Supporting objectives: Recognize the information security laws and regulations that impact the call center environment. Recognize the responsibility of call center employees to protect the information they work with each day. List and describe the information security responsibilities and best practices of call center employees.

JRT-04 Secure Practices for Call Center Managers
  Lesson objective: Recognize the security awareness responsibilities of call center managers and the laws, regulations, methods and best practices that help keep information secure in the call center.
  Supporting objectives: Recognize the information security responsibilities of call center managers and the related laws and regulations that impact the call center environment. List and describe the information security responsibilities and best practices of call center managers.

JRT-05 Secure Practices for Enterprise Employees
  Lesson objective: Recognize the security awareness responsibilities of enterprise employees and the laws, regulations, methods and best practices that help keep information secure.
  Supporting objectives: Recognize the security responsibilities of enterprise employees and the information security laws and regulations that impact the enterprise environment. List and describe the information security responsibilities and best practices of enterprise employees.

JRT-06 Secure Practices for IT and Engineering Staff
  Lesson objective: Recognize the security awareness responsibilities of IT and engineering staff and the laws, regulations, methods and best practices that help keep information secure.
  Supporting objectives: Recognize the information security-related laws and regulations that impact the IT and application development environment and the responsibility of personnel to protect the information they work with each day. List and describe the information security responsibilities of IT and engineering staff. List best practices for IT and engineering staff to help keep information secure.

JRT-07 Protecting Online Accounts for Businesses
  Lesson objective: Recognize a business's role in helping to secure its own online systems and accounts, and identify the security best practices businesses can follow to do so.
  Supporting objectives: Recognize a business's role in keeping its sensitive information secure online. List best practices for businesses to use to protect their sensitive information.

JRT-08 Protecting Online Accounts for Consumers
  Lesson objective: Recognize the individual's role in helping to secure their own online accounts, and identify the security best practices individuals can follow to do so.
  Supporting objectives: Recognize an individual consumer's role in keeping their sensitive information secure online. List best practices consumers can use to protect their sensitive information.

ADVANCED SECURITY TOPICS - ADV lessons cover a wide range of topics for managers and technical personnel. They are available for any SAE course at an extra charge per license.

ADV-01 PCI Forensic Investigations
  Lesson objective: Recognize how the PCI forensic investigation process works and identify how a breach is discovered, investigated and remediated.
  Supporting objectives: Identify common ways breaches are discovered and the high-level steps employees should take if a breach is discovered. Describe the Trustwave PCI forensic investigation process and a breached organization's responsibility to report and remediate security deficiencies. Recognize common security threats and the importance of continuous compliance to protect against them.

ADV-02 Exploring the Global Security Report
  Lesson objective: Recognize key findings of Trustwave's annual Global Security Report and list ways to improve security this year based on last year's trends.
  Supporting objectives: Recognize the purpose and contents of Trustwave's Global Security Report. Recognize key findings of the current Global Security Report. List security best practices that help organizations avoid the security pitfalls of last year.

Security Awareness Course Builder

This page lists the lessons included in our basic Security Awareness Education courses. These courses are targeted to common roles that fit most organizations' needs. Select the course(s) that fit your target audience(s) by clicking inside the box beside it, or build your own course using the blank spaces below. Descriptions of each lesson in our library can be found in the SAE Course Catalogue.

Lesson columns: COM-01, COM-02, COR-01, COR-02, COR-03, SAT-01, SAT-02, SAT-03, SAT-04, SAT-05, SAT-06, SAT-07, SAT-08, JRT-01, JRT-02, JRT-03, JRT-04, JRT-05, JRT-06, JRT-07, JRT-08, ADV-01, ADV-02, Quiz, Policy Document.

Standard courses:
  Security Awareness for Retail Associates
  Security Awareness for Retail Managers
  Security Awareness for Enterprise Employees
  Security Awareness for Call Center Employees
  Security Awareness for Call Center Managers
  Security Awareness for IT and Engineering Staff
  Security Awareness for Health Care Workers
  Security Awareness for Bank Workers
  Secure Banking Practices for Businesses
  Secure Banking Practices for Consumers

CREATE YOUR OWN - Use this section to mix and match lessons to build up to five courses of your own. Just use the interactive checkboxes below to select course content.

SAE Print Material

POSTERS
Augment your Security Awareness Education with posters specific to your target audience. Click the check box to select the poster(s) you want. Use the total field to specify how many of each poster you want. Additional cost may apply depending on the number of SAE licenses you have purchased. Contact your Trustwave account manager if you have questions.

Poster sets: Retail, Call Center, Web, Office.

SAE PAMPHLETS
Trustwave's SAE Pamphlets are perfect for employees who do not have ready access to computers at work, or a lot of time to devote to training. The pamphlets can be co-branded to include your logo and company name, and are available in English, Spanish and Portuguese. Use the total field to specify how many pamphlets you would like to order. Each pamphlet consumes a single SAE license.

Section Introduction: Secure Code Development (SCD)

Trustwave offers a suite of Web-based technical courses that introduce your solution development staff to theory and best practices around planning and writing secure code. You can choose to enroll employees in just the course that is most relevant to them, or to give them access to the full suite of Secure Code Development courses we offer. Whichever option you select, this section will help you decide which course(s) are right for your staff.

SCD Course Catalogue: Use these pages to browse our library of Secure Code Development courses. Categorized by the Design, Code and Test stages of the software development life cycle, each course's catalogue code, topic and prerequisites (if any) are listed here to help you decide which topics are most appropriate for your target audience(s).

SCD Course Builder: Use this worksheet to note which courses you would like to offer to your staff.

Secure Development Catalogue

SECURE DESIGN - DES courses cover topics in secure software architecture and design, to help plan security into applications before any code is written.

DES 101 Fundamentals of Secure Architecture
  Understand the state of the software industry from a security perspective, by learning from past software security errors and how to avoid repeating those mistakes. Learners will also be able to recognize and use confidentiality, integrity and availability (CIA) as the three main tenets of information security.
  Prerequisite: None

DES 201 PCI Best Practices for Developers
  Recognize application security issues within the PCI-DSS and best practices for addressing each requirement. Recognize how addressing the PCI-DSS requirements during the design and build stages of the development lifecycle will improve application security and simplify compliance.
  Prerequisite: Fundamentals of Secure Architecture (DES 101)

DES 211 OWASP Top 10 - Threats and Mitigations
  Recognize best practices for understanding, identifying and mitigating the risk of vulnerabilities and attacks within the OWASP Top 10.
  Prerequisite: None

DES 212 Architecture Risk Analysis and Remediation
  Recognize concepts, methods and techniques for analyzing the architecture and design of a software system for security flaws.
  Prerequisite: Fundamentals of Secure Architecture (DES 101)

DES 213 Introduction to Security Tools and Technologies
  This course is designed to educate architects and developers on the technologies available to create more secure systems.
  Prerequisite: Fundamentals of Security Testing (TST 101)

DES 301 Introduction to Cryptography
  Recognize the problems that cryptography can address, the threats that apply to two communicating parties, the appropriate cryptographic solutions to mitigate these threats, and how to describe the mechanisms behind cryptographic protocols. Learners will also be able to recognize how to follow cryptographic best practices and locate cryptography resources.
  Prerequisite: Fundamentals of Security Testing (TST 101)

DES 311 Creating Secure Application Architecture
  Recognize key security principles that can be used to improve the security of application architecture and design. Demonstrate how to apply defenses to harden applications and make them more difficult for intruders to breach, reducing the amount of damage an attacker can accomplish.
  Prerequisites: Fundamentals of Secure Architecture (DES 101); Architecture Risk Analysis and Remediation (DES 212)

SECURE CODING - these courses cover security topics in the implementation stage of the software development life cycle, when code is actually being written.

101 Fundamentals of Secure Development
  Recognize the latest trends in software security, as well as the importance of software security for business. Demonstrate how to perform threat modeling to identify threats proactively, create threat trees for application components, use threat trees to find and classify vulnerabilities, and perform risk analysis and prioritize security fixes.
  Prerequisite: None

201 Fundamentals of Secure Database Development
  This course demonstrates database development best practices to software architects and developers.
  Prerequisite: Fundamentals of Secure Development (101)

211 Understanding Secure Code - JRE
  Recognize and remediate common Java Web software security vulnerabilities. Define data leakage, injection attacks, client/server protocol manipulation attacks, and authentication exploitations, and mitigate these security vulnerabilities.
  Prerequisite: Fundamentals of Secure Development (101)

212 Understanding Secure Code - C/C++
  Recognize how to write secure code in C/C++ for Windows and Unix platforms, robust code development, and secure socket programming. Demonstrate how to apply time-tested defensive coding principles to develop secure applications. Recognize the nine defensive coding principles and how to use them to prevent common security vulnerabilities.
  Prerequisite: Fundamentals of Secure Development (101)

213 Understanding Secure Code - Windows 7
  Define Windows 7 security features and build applications that leverage Windows 7's built-in security mechanisms.
  Prerequisite: Basic knowledge of Windows programming and memory management, and knowledge of the basic security features of Windows versions prior to Windows 7.

Understanding Secure Code - Windows Vista
  Define Windows Vista security features and build applications that leverage Windows Vista's built-in security mechanisms.
  Prerequisite: Basic knowledge of Windows programming and memory management, and knowledge of the basic security features of Windows versions prior to Windows Vista.

214 Understanding Secure Code - .NET 4.0
  Recognize .NET 4.0 security features, including concepts such as Code Access Security (CAS) and .NET cryptographic technologies. Recognize security changes in .NET 4.0, including level 2 security transparency, the new sandboxing and permission model, the introduction of conditional APTCA, and changes to evidence objects and collections. Define secure coding best practices that will enable students to build more secure applications in .NET 4.0.
  Prerequisite: Fundamentals of Secure Development (101)

216 Understanding Secure Code - .NET 2.0
  Define .NET 2.0 security features, including concepts such as Code Access Security (CAS) and .NET cryptographic technologies. Recognize secure coding best practices that will enable students to build more secure applications in .NET 2.0.
  Prerequisite: Fundamentals of Secure Development (101)

221 Understanding Secure Code - Threats and Mitigations
  Recognize, avoid, and mitigate the risks posed by Web vulnerabilities. Define the most common and recent attacks against Web-based applications, such as cross-site scripting and cross-site request forgery attacks. Demonstrate how to avoid and/or mitigate Web vulnerabilities using real-world examples.
  Prerequisite: Creating Secure Code - J2EE Web Applications (313) OR Creating Secure Code - ASP.NET (311)

231 Introduction to Cross-Site Scripting - With JSP Examples
  Recognize the mechanisms behind cross-site scripting vulnerabilities, describe cross-site scripting vulnerabilities and their consequences, and apply secure coding best practices to prevent cross-site scripting vulnerabilities.
  Prerequisite: Basic knowledge of Web technologies and Java Server Pages (JSP).

232 Introduction to Cross-Site Scripting - With ASP.NET Examples
  Recognize the mechanisms behind cross-site scripting vulnerabilities, describe cross-site scripting vulnerabilities and their consequences, and apply secure coding best practices to prevent cross-site scripting vulnerabilities.
  Prerequisite: Basic knowledge of Web technologies, ASP.NET, and the C# programming language.

311 Creating Secure Code - ASP.NET
  Demonstrate the development of secure web applications in C#. Recognize common web application vulnerabilities and demonstrate ways to avoid those vulnerabilities in C# code. In the hands-on section, students will discover the vulnerabilities for themselves and find ways to address them, greatly enhancing the security of their code. Upon completion of this class, participants will be able to recognize the need to follow secure coding best practices, follow secure coding best practices, and locate additional resources on secure coding best practices for ASP.NET.
  Prerequisite: Understanding Secure Code - .NET 4.0 (214)

312 Creating Secure Code - C/C++
  Define application security risks and secure coding standards for C and C++ applications, and the different types of errors that can be introduced while coding. Recognize the importance of detecting these errors and remediating them as early as possible to avoid security issues. Define real-world best practices and techniques, and static analysis tools to detect and resolve security vulnerabilities in code.
  Prerequisite: Understanding Secure Code - C/C++ (212)

313 Creating Secure Code - J2EE Web Applications
  Demonstrate the development of secure web applications in Java. Recognize common web application vulnerabilities and define ways to avoid those vulnerabilities in Java code. In the hands-on section, students will discover the vulnerabilities themselves and find ways to address them, greatly enhancing the security of their code. Upon completion of this course, participants will be able to recognize why software security matters to their business, recognize the root causes of the more common vulnerabilities, identify the symptoms of common vulnerabilities, and use security best practices to prevent common vulnerabilities.
  Prerequisite: Understanding Secure Code - JRE (211)

411 Integer Overflows - Attacks and Countermeasures
  An integer overflow is a programming error that can severely impact a computer system's security. Due to the subtlety of this bug, integer overflows are often overlooked during development. This course covers the security concepts, testing techniques, and best practices that will enable students to develop robust applications that are secure against integer overflow vulnerabilities.
  Prerequisite: Basic understanding of the C, C++, and C# programming languages.

412 Buffer Overflows - Attacks and Countermeasures
  Recognize how to avoid and mitigate the risks posed by buffer overflows. Recognize the protections provided by the Microsoft compiler and the Windows operating system, and advice on how to avoid buffer overflows during the design, development and verification phases of the software development life cycle.
  Prerequisite: Basic knowledge of Windows programming and memory management in Windows.

SECURITY TESTING - TST courses cover topics in testing software for security flaws and remediating defects before release.

TST 101 Fundamentals of Security Testing
  Define security-testing concepts and processes that will help students analyze an application from a security perspective and conduct effective security testing. Recognize different categories of security vulnerabilities and the various testing approaches that target these classes of vulnerabilities. Several manual and automated testing techniques are presented which will help identify common security issues during testing and uncover security vulnerabilities.
  Prerequisite: None

TST 201 Classes of Security Defects
  Recognize how to create a robust defense against common security defects. Students will learn why and how security defects are introduced into software, and will be presented with common classes of attacks, which will be discussed in detail. Along with examples of real-life security bugs, students will be shown techniques and best practices that will enable the team to identify, eliminate, and mitigate each class of security defect. Additional mitigation techniques and technologies are described for each class of security defect.
  Prerequisite: None

TST 211 How to Test for the OWASP Top 10
  The Open Web Application Security Project (OWASP) Top Ten is a listing of critical security flaws found in web applications. Recognize how these flaws occur and demonstrate testing strategies to identify the flaws in web applications.
  Prerequisite: Fundamentals of Security Testing (TST 101)

TST 311 How to Break Software Security
  This course is designed to give testers and developers the tools and techniques they need to help find security problems before their application is released. It lays the foundation needed to effectively recognize and expose security flaws in software and it introduces a fault model to help testers conceptualize these types of bugs.
  Prerequisite: Functional testing knowledge as well as a basic understanding of how applications work.

TST 411 Exploiting Buffer Overflows
  Recognize the threats posed by buffer-overflow exploits, and the mechanisms behind exploitation of stack-based and heap-based buffer overflows. Define the challenges faced by exploit code and how different exploitation techniques overcome environmental limitations.
  Prerequisite: Creating Secure Code - C/C++ (312)

Secure Code Development Course Builder

Use this checklist to determine which course(s) you want to provide for your staff. Descriptions of each course in the SCD library can be found in the SCD Course Catalogue on the previous pages. Select the course(s) that fit your target audience(s) by clicking inside the box beside it, noting any prerequisite courses that may be required.

Curriculum tracks: 1 - OWASP Web Application Security; 2 - PCI-DSS / Compliance; 3 - Security Awareness; 4 - Microsoft / SDL; Custom.

Design (DES):
  Fundamentals of Secure Architecture
  PCI Best Practices for Developers
  OWASP Top 10 - Threats & Mitigations
  Architecture Risk Analysis & Remediation
  Introduction to Security Tools and Technologies
  Introduction to Cryptography
  Creating Secure Application Architecture

Code:
  Fundamentals of Secure Development
  Fundamentals of Secure Database Development
  Understanding Secure Code - JRE
  Understanding Secure Code - C/C++
  Understanding Secure Code - Windows 7
  Understanding Secure Code - Windows Vista
  Understanding Secure Code - .NET 4.0
  Understanding Secure Code - .NET 2.0
  Web Vulnerabilities: Threats & Mitigations
  Introduction to Cross-Site Scripting - JSP
  Introduction to Cross-Site Scripting - ASP.NET
  Creating Secure Code - ASP.NET
  Creating Secure Code - C/C++
  Creating Secure Code - J2EE
  Creating Secure Code - C#
  Integer Overflows: Attacks & Countermeasures
  Buffer Overflows: Attacks & Countermeasures

Test (TST):
  Fundamentals of Security Testing
  Classes of Security Defects
  How to Test for the OWASP Top 10
  How to Break Software Security
  Exploiting Buffer Overflows


About Trustwave

Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions including SIEM, WAF, EV SSL certificates and secure digital certificates. Trustwave has helped hundreds of thousands of organizations - ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers - manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.

Copyright 2012 Trustwave Holdings, Inc. All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. Trustwave and Trustwave's SpiderLabs names and logos are trademarks of Trustwave. Such trademarks shall not be used, copied or disseminated in any manner without the prior written permission of Trustwave.


More information

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013

PASTA Abstract. Process for Attack S imulation & Threat Assessment Abstract. VerSprite, LLC Copyright 2013 2013 PASTA Abstract Process for Attack S imulation & Threat Assessment Abstract VerSprite, LLC Copyright 2013 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information