SC_01: Application Security for Managers
Length of Class: 1 day
Audience: Information Security and Software Development Managers
Objective

This course teaches managers their important role in application security and gives them a general understanding of the threat landscape, the available controls, and the manager's role in an application security program.

Summary

This class teaches managers in information security and application development the importance and implications of application security. It discusses the role of the manager in achieving a strong application security program.

Description

Application security is quickly becoming the latest trend in the field of information security. Many organizations are rushing to build a secure Software Development Life Cycle (SDLC) and hire application security subject matter experts.

In order to ensure their resources are being directed appropriately, organizations need to empower their information security and software development managers with knowledge of this new field.

The Application Security for Managers class equips students with first-hand experience of application security attacks so that they understand the nature of the threat. Exercises are less technically detailed than in other classes and aim to illustrate the ease of attacks rather than the specifics of how they are executed.

Using this first-hand knowledge as background, students learn the essential components of an effective application security program, including people, processes and technology. Principles of a secure SDLC are discussed, along with the necessary policy changes, training and awareness, and the various processes required to secure the SDLC.

Given their higher-level vantage point, students learn about enterprise-wide security controls including data classification, identity management, and logging and monitoring. Students examine the pros and cons of each of these controls and how individual teams can leverage them.

Requisite Knowledge: IT management experience
Curriculum
Part 1: Application Security - The Threats
  • Attack vectors
  • Hands-on exploit examples
  • Security as a band-aid solution
Part 2: Application Security Programs
  • Secure SDLC
  • Policies, procedures, baselines and guidelines
  • Key players in application security
  • Training and awareness
  • Threat analysis
  • Audits and penetration testing
  • Risk analysis
Part 3: Enterprise Controls
  • Data classification
  • Identity management
  • Logging and monitoring