For most organisations, developing a comprehensive security environment is a complex task that requires specialist skill. Such an environment encompasses strategy, guidelines and policies, as well as the processes, methodologies and standards for the design, development, testing, deployment and maintenance of applications.
We work with organisations to understand their risk profile and to make sure the policies essential to security are in line with the business requirements. With our detailed understanding of the technology and products available, we work to ensure an organisation’s proposed architecture can be implemented and is cost-effective and manageable.
Our consulting services extend to:
• Developing application security strategy
• Developing frameworks, standards, guidelines and policies
• Performing application security business risk assessments
• Assessing application security data protection requirements
• Designing and reviewing secure lifecycle development.
In more detail:
Application security strategy
We consider each of the application security objectives for an organisation in order to deliver a high-level business document covering technology and application strategy. We incorporate technical details in supporting documents including Application Security Framework Standards, Technology Guides, Architecture Platforms and Application Security Roadmaps.
We also work with organisations to regularly review and update the Application Security Strategy as a ‘living’ document to ensure new technologies or changes can be revisited and adopted as required.
Application security framework
We can provide your organisation with a clearly defined and formally documented organisation-wide Application Security Framework with proven and repeatable processes and methodologies for successfully incorporating security into application design, development, testing, deployment and maintenance.
Application security standards
Our Application Security Standards provide a basic methodology and criteria for developing applications within your organisation. They cover, in sufficient detail, common industry-standard security controls so that your developers, project managers or application design architects can easily adapt the controls identified within the standards to your application environment.
We ensure the security controls documented are technologically ‘agnostic’, that is, written at such a level that they can be implemented regardless of the technology involved.
Secure lifecycle development
We can recommend a secure lifecycle development process to ensure that, from day one, your application identifies and addresses security concerns.