The subject of Risk is an old topic in Program and Project Management circles: identifying risks and developing strategies is the vision of success or the apparition of failure. There are thousands of floors of compliance personnel developing Risk Strategies around the world, and multiples of those floors for single companies!
The benefit of developing a working Risk Strategy in Application Security is that such a strategy can provide effective defense against a software breach and identify the costs to fix the breach by application, flaw or developer hour, or all three! In addition, a risk strategy using a survey or questionnaire can reveal important application inventory data.
In working with several clients to build Risk Assessment and Governance Strategies in support of their Application Security programs, I’ve identified four key steps to properly develop a working strategy.
Using this blueprint, the next four blog posts will give a deeper understanding of each step and include additional detail to help start the conversation on Risk Assessments within your Application Security program.