
The Key to Continuous Security Improvement? A Rugged Culture of Information Security

In the age of rapid technological progress, where Digital Transformation has become pervasive, business applications are getting increasingly complex and interconnected.  The advancement in technology has also helped attackers get more aggressive and inflict more damage to IT systems and applications.  Application security tools and techniques are evolving too, yet most organizations still fall prey to vulnerabilities.  Cybersecurity has become a bigger threat than ever before.

The current application security methodologies mainly count on detecting weaknesses and correcting them.  Most organizations rely, at most, on penetration testing or automated tools.  They neglect to concentrate on establishing strong defenses against threats, merely do patch work, and leave the weaknesses unguarded.  A small fraction implement threat modeling, security architecture, secure coding techniques, and security testing, but even they are typically unsure of how these approaches link with their strategic business objectives.

A few weaknesses constitute the majority of break-ins, e.g., SQL injections and buffer overflows.  Major security threats and application vulnerabilities include compromised credentials, failure to patch promptly, SQL injections, and cross-site scripting.  A large number of security threats can be neutralized just by taking care of security hygiene.

Secure Software Development

State-of-the-art technology and best practices available today offer effective yet economical methods to prevent security breaches and threats.  These tools and practices work well without affecting the pace of delivery or straining the users unnecessarily.

Secure software development requires not only analyzing the technology but also looking at the entire organization that creates the software: people, processes, tools, and culture.  A secure software development culture inspires security by promoting and improving communication, collaboration, and competition on security topics, and by rapidly evolving the competence to create available, survivable, defensible, secure, and resilient software.

Rugged Software and a Culture of Security

Rugged software, or Rugged DevOps, promotes developing secure and resilient software by embedding this practice into the culture of an organization.  A Rugged culture of security is more than just secure: secure is a state of affairs at a specific time, whereas Rugged means staying ahead of threats over time.  Rugged code aligns with the organizational objectives and can cope with any challenges.  Rugged enterprises constantly tweak their code and their internal organization (including governance, architecture, infrastructure, and operations) to stay ahead of attacks.  All applications developed by "Rugged" organizations are well-secured against threats, are able to self-evaluate and detect ongoing attacks, report their security status, and respond appropriately.

Rugged software is a consequence of the efforts to rationalize and fortify security.  This is achieved by communicating the lessons learned from experimentation, setting up stringent lines of defense, and adopting and sharing strict security procedures across the board.  Adopting Rugged software development practices across the enterprise helps deliver more applications promptly, improve security, and achieve cost savings across the software development life-cycle.  Rugged software development is cost efficient because it requires less labor and time during the requirements, design, implementation, testing, iteration, and training phases of the development life-cycle.

The following 10 guiding principles apply to all organizations aiming to develop a Rugged culture of security:

  1. Perpetual Attacks Anticipation
  2. Staying Informed
  3. Security Hygiene
  4. Continuous Improvement
  5. Zero-defect Approach
  6. Reusable Tools
  7. One Team
  8. Comprehensive Testing
  9. Threat Modeling
  10. Peer Reviews

Let’s discuss the first 5 principles for now.

Perpetual Attacks Anticipation

A Rugged software development organization anticipates nonstop vulnerabilities and attacks, whether deliberate or accidental.

Staying Informed

Rugged organizations value staying informed about security issues and potential threats, seek recommendations from security specialists, and identify and update security policies and rules.

Security Hygiene

Rugged organizations take good care of their security hygiene by limiting the sharing of user accounts and carefully guarding passwords and sensitive personal information.  They employ secure software practices.

Continuous Improvement

Continuous Improvement is the management principle foundational to Lean Management and should be embraced by all areas of an organization.  If sensitive information is left lying on somebody's desk overnight, Rugged organizations gather feedback from the people who happened to notice it and ensure that this does not recur in future.

Zero-defect Approach

Rugged organizations do not tolerate any known weakness.  An issue is resolved as soon as it is detected.

Interested in learning more about the guiding principles to develop a Rugged culture of security?  You can download an editable PowerPoint on the Culture of Security here on the Flevy documents marketplace.


About Mark Bridges

Mark Bridges is a Senior Director of Strategy at Flevy. Flevy is your go-to resource for best practices in business management, covering management topics from Strategic Planning to Operational Excellence to Digital Transformation (view full list here). Learn how the Fortune 100 and global consulting firms do it. Improve the growth and efficiency of your organization by leveraging Flevy's library of best practice methodologies and templates. Prior to Flevy, Mark worked as an Associate at McKinsey & Co. and holds an MBA from the Booth School of Business at the University of Chicago. You can connect with Mark on LinkedIn here.
