8. Cost of Security Lapse
• Fixing a defect after release costs about 30 times more than fixing it in the design phase (per the National Institute of Standards and Technology)
• Goodwill loss: customer productivity and confidence
[Chart: relative cost of fixing a defect by lifecycle phase. Phases, left to right: Requirement/Architecture; Coding; Integration/Component Testing; System/Acceptance Testing; Production/Post Release. Bar labels, left to right: 2.5x, 5x, 10x, 15x, 30x. Y-axis: relative cost, 0 to 35.]
9. SDL – “Secure Development Lifecycle”
SDL helps reduce product maintenance costs and increases the reliability of software with respect to security issues.
23. • Incident response
• Providing fixes for zero-day vulnerabilities
• Forensic analysis
• Binary vulnerability scanning
• Responsible disclosure
25. • Security is not a goal that can be reached
• New vulnerabilities are discovered daily
• Threats continue to evolve
• Weak points in the system change, becoming new points of attack
• Security is a process and an attitude
26. References
• NIST publications: http://nvlpubs.nist.gov/
• NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security
• Microsoft SDL
• Recorded Future: www.recordedfuture.com
• ISASecure: http://www.isasecure.org/
• NERC (North American Electric Reliability Corporation)
• IEC 62443 (formerly ISA-99)
• ISO 27001 and ISO 27002
• OWASP: www.owasp.org/
• SE PSO wiki
The key to successful
cyber defence is
preparation...
Thank you.