{"id":6068,"date":"2020-01-14T06:06:32","date_gmt":"2020-01-14T11:06:32","guid":{"rendered":"http:\/\/flevy.com\/blog\/?p=6068"},"modified":"2020-12-18T22:30:15","modified_gmt":"2020-12-19T03:30:15","slug":"the-key-to-continuous-security-improvement-a-rugged-culture-of-information-security","status":"publish","type":"post","link":"https:\/\/flevy.com\/blog\/the-key-to-continuous-security-improvement-a-rugged-culture-of-information-security\/","title":{"rendered":"The Key to Continuous Security Improvement? A Rugged Culture of Information Security"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignright size-medium wp-image-6121\" src=\"https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Information-Security-300x200.jpg\" alt=\"\" width=\"300\" height=\"200\" srcset=\"https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Information-Security-300x200.jpg 300w, https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Information-Security-768x512.jpg 768w, https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Information-Security-1024x683.jpg 1024w, https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Information-Security.jpg 1920w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>In the age of rapid technological progress, where <a href=\"https:\/\/flevy.com\/digital-transformation\">Digital Transformation<\/a> has become pervasive, business applications are getting increasingly complex and interconnected. \u00a0The advancement in technology has also helped attackers get more aggressive and inflict more damage to IT systems and applications.\u00a0 Application security tools and techniques are evolving too, yet most organizations still fall prey to vulnerabilities.\u00a0 <a href=\"https:\/\/flevy.com\/business-toolkit\/cybersecurity\">Cybersecurity<\/a> has become a bigger threat than ever before.<\/p>\n<p>The current application security methodologies mainly count on detecting weaknesses and correcting them. 
\u00a0Most organizations rely primarily on penetration testing or automated tools, at most.\u00a0 They neglect to establish strong defenses against threats, merely apply patches, and leave the underlying weaknesses unguarded.\u00a0 A small fraction implement threat modeling, security architecture, secure coding techniques, and security testing\u2014but even they are typically unsure of how these approaches link with their strategic business objectives.<\/p>\n<p>A few weaknesses account for the majority of break-ins&#8211;e.g., <a href=\"https:\/\/en.wikipedia.org\/wiki\/SQL_injection\">SQL injections<\/a> and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Buffer_overflow\">buffer overflows<\/a>.\u00a0 Major security threats and application vulnerabilities include compromised credentials, failure to patch promptly, SQL injections, and cross-site scripting. \u00a0A large number of security threats can be neutralized just by taking care of security hygiene.<\/p>\n<h2><strong>Secure Software Development <\/strong><\/h2>\n<p>State-of-the-art technology and best practices available today offer effective yet economical methods to prevent security breaches and threats.\u00a0 These tools and practices work well without slowing delivery or straining users unnecessarily.<\/p>\n<p>Secure software development not only warrants analyzing the technology but also looking at the entire organization that creates the software\u2014people, processes, tools, and culture. 
\u00a0A secure software development culture inspires security by promoting and improving communication, collaboration, and competition on security topics, and by rapidly evolving the competence to create available, survivable, defensible, secure, and resilient software.<\/p>\n<h2><strong>Rugged Software and a Culture of Security <\/strong><\/h2>\n<p>Rugged software, or Rugged DevOps, promotes developing secure and resilient software by embedding this practice into the culture of an organization. \u00a0A Rugged culture of security is more than just secure\u2014secure is a state of affairs at a specific time, whereas Rugged means staying ahead of threats over time.\u00a0 Rugged code aligns with the organizational objectives and can cope with any challenges. \u00a0Rugged enterprises constantly tweak their code and their internal organization\u2014including governance, architecture, infrastructure, and operations\u2014to stay ahead of attacks.\u00a0 All applications developed by \u201cRugged\u201d organizations are well-secured against threats, are able to self-evaluate and recognize ongoing attacks, report their security status, and take action aptly.<\/p>\n<p>Rugged software is a consequence of the efforts to rationalize and fortify security.\u00a0 This is achieved by communicating the lessons learnt from experimentation, setting up stringent lines of defense, and adopting and sharing rigid safety procedures across the board.\u00a0 Adopting Rugged software development practices across the enterprise helps deliver more applications promptly, improves security, and achieves cost savings across the software development life-cycle.\u00a0 Rugged software development is cost efficient because it requires less labor and time during the requirements, design, execution, testing, iteration, and training phases of the development life-cycle.<\/p>\n<p>The following 10 guiding principles apply to all organizations aiming to develop a Rugged <a 
href=\"https:\/\/flevy.com\/browse\/flevypro\/culture-of-security-4020\">culture of security<\/a>:<\/p>\n<ol>\n<li><strong>Perpetual Attacks Anticipation <\/strong><\/li>\n<li><strong>Staying Informed <\/strong><\/li>\n<li><strong>Security Hygiene <\/strong><\/li>\n<li><strong>Continuous Improvement <\/strong><\/li>\n<li><strong>Zero-defect Approach<\/strong><\/li>\n<li><strong>Reusable Tools<\/strong><\/li>\n<li><strong>One Team<\/strong><\/li>\n<li><strong>Comprehensive Testing<\/strong><\/li>\n<li><strong>Threat Modeling<\/strong><\/li>\n<li><strong>Peer Reviews <\/strong><\/li>\n<\/ol>\n<p><a href=\"https:\/\/flevy.com\/browse\/flevypro\/culture-of-security-4020\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-6120\" src=\"https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Culture-of-Security.png\" alt=\"\" width=\"1000\" height=\"751\" srcset=\"https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Culture-of-Security.png 1000w, https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Culture-of-Security-300x225.png 300w, https:\/\/flevy.com\/blog\/wp-content\/uploads\/2020\/01\/Culture-of-Security-768x577.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/a><\/p>\n<p>Let\u2019s discuss the first 5 principles for now.<\/p>\n<h2><strong>Perpetual Attacks Anticipation<\/strong><\/h2>\n<p>A Rugged software development organization anticipates nonstop vulnerabilities and attacks\u2014deliberate or accidental.<\/p>\n<h2><strong>Staying Informed <\/strong><\/h2>\n<p>Rugged organizations appreciate staying informed about security issues and potential threats, seek recommendations from security specialists, and identify and update security policies and rules.<\/p>\n<h2><strong>Security Hygiene <\/strong><\/h2>\n<p>Rugged organizations take good care of their security hygiene by limiting the sharing of user accounts, carefully guarding the passwords and sensitive personal information. 
\u00a0They employ secure software practices.<\/p>\n<h2><strong>Continuous Improvement <\/strong><\/h2>\n<p><a href=\"https:\/\/flevy.com\/business-toolkit\/continuous-improvement\">Continuous Improvement<\/a> is the management principle foundational to Lean Management that should be embraced by all areas of an organization.\u00a0 If sensitive information is left lying on somebody\u2019s desk at night, Rugged organizations ensure that this does not recur in the future and gather feedback from the people who happen to notice it.<\/p>\n<h2><strong>Zero-defect Approach<\/strong><\/h2>\n<p>Rugged organizations do not tolerate any known weaknesses. \u00a0An issue is resolved as soon as it is detected.<\/p>\n<p>Interested in learning more about the guiding principles to develop a <a href=\"https:\/\/flevy.com\/browse\/flevypro\/culture-of-security-4020\">Rugged culture of security<\/a>?\u00a0 You can download <u>an editable PowerPoint on the\u00a0<\/u><strong><u><a href=\"https:\/\/flevy.com\/browse\/flevypro\/culture-of-security-4020\">Culture of Security<\/a><\/u><\/strong><strong><u> here<\/u><\/strong> on the <a href=\"https:\/\/flevy.com\/browse\">Flevy documents marketplace<\/a>.<\/p>\n<h2>Do You Find Value in This Framework?<\/h2>\n<p>You can download in-depth presentations on this and hundreds of similar business frameworks from the <a href=\"https:\/\/flevy.com\/pro\/library\">FlevyPro Library<\/a>. <a href=\"https:\/\/flevy.com\/pro\">FlevyPro<\/a> is trusted and utilized by 1000s of management consultants and corporate executives. Here&#8217;s what some have to say:<\/p>\n<blockquote><p>&#8220;My FlevyPro subscription provides me with the most popular frameworks and decks in demand in today\u2019s market. 
They not only augment my existing consulting and coaching offerings and delivery, but also keep me abreast of the latest trends, inspire new products and service offerings for my practice, and educate me in a fraction of the time and money of other solutions. I strongly recommend FlevyPro to any consultant serious about success.&#8221;<\/p>\n<p style=\"text-align: right;\">\u2013 Bill Branson, Founder at Strategic Business Architects<\/p>\n<\/blockquote>\n<blockquote><p>&#8220;As a niche strategic consulting firm, Flevy and FlevyPro frameworks and documents are an on-going reference to help us structure our findings and recommendations to our clients as well as improve their clarity, strength, and visual power. For us, it is an invaluable resource to increase our impact and value.&#8221;<\/p>\n<p style=\"text-align: right;\">\u2013 David Coloma, Consulting Area Manager at Cynertia Consulting<\/p>\n<\/blockquote>\n<blockquote><p>&#8220;As a small business owner, the resource material available from FlevyPro has proven to be invaluable. The ability to search for material on demand based on our project events and client requirements was great for me and proved very beneficial to my clients. Importantly, being able to easily edit and tailor the material for specific purposes helped us to make presentations, knowledge sharing, and toolkit development, which formed part of the overall program collateral. While FlevyPro contains resource material that any consultancy, project or delivery firm must have, it is an essential part of a small firm or independent consultant&#8217;s toolbox.&#8221;<\/p>\n<p style=\"text-align: right;\">\u2013 Michael Duff, Managing Director at Change Strategy (UK)<\/p>\n<\/blockquote>\n<blockquote><p>&#8220;FlevyPro has been a brilliant resource for me, as an independent growth consultant, to access a vast knowledge bank of presentations to support my work with clients. 
In terms of RoI, the value I received from the very first presentation I downloaded paid for my subscription many times over! The quality of the decks available allows me to punch way above my weight \u2013 it&#8217;s like having the resources of a Big 4 consultancy at your fingertips at a microscopic fraction of the overhead.&#8221;<\/p>\n<p style=\"text-align: right;\">\u2013 Roderick Cameron, Founding Partner at SGFE Ltd<\/p>\n<\/blockquote>\n<blockquote><p>&#8220;Several times a month, I browse FlevyPro for presentations relevant to the job challenge I have (I am a consultant). When the subject requires it, I explore further and buy from the Flevy Marketplace. On all occasions, I read them, analyze them. I take the most relevant and applicable ideas for my work; and, of course, all this translates to my and my clients&#8217; benefits.&#8221;<\/p>\n<p style=\"text-align: right;\">\u2013 Omar Hern\u00e1n Montes Parra, CEO at Quantum SFE<\/p>\n<\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>In the age of rapid technological progress, where Digital Transformation has become pervasive, business applications are getting increasingly complex and interconnected. \u00a0The advancement in technology has also helped attackers get more aggressive and inflict more damage to IT systems and applications.\u00a0 Application security tools and techniques are evolving too, yet most organizations still fall prey&hellip;&nbsp;<a href=\"https:\/\/flevy.com\/blog\/the-key-to-continuous-security-improvement-a-rugged-culture-of-information-security\/\" rel=\"bookmark\"><span class=\"screen-reader-text\">The Key to Continuous Security Improvement? 
A Rugged Culture of Information Security<\/span><\/a><\/p>\n","protected":false},"author":110,"featured_media":6121,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[84],"tags":[31,1880,1879,1881,1878,1882,1877,1883],"class_list":["post-6068","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-information-technology","tag-continuous-improvement","tag-culture-of-security","tag-rugged-culture","tag-rugged-organizations","tag-rugged-software","tag-secure-software-development","tag-software-development","tag-zero-defect-approach"],"_links":{"self":[{"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/posts\/6068","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/users\/110"}],"replies":[{"embeddable":true,"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/comments?post=6068"}],"version-history":[{"count":7,"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/posts\/6068\/revisions"}],"predecessor-version":[{"id":7853,"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/posts\/6068\/revisions\/7853"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/media\/6121"}],"wp:attachment":[{"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/media?parent=6068"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/categories?post=6068"},{"taxonomy":"post_tag","embeddab
le":true,"href":"https:\/\/flevy.com\/blog\/wp-json\/wp\/v2\/tags?post=6068"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}