Home > Resources > Whitepapers > Using Metrics to Manage Your Application Security Program

Using Metrics to Manage Your Application Security Program

In this paper, we’ll look at the first steps in measuring your AppSec program, starting with how to use metrics to understand what is working and where you need to improve, to identify and solve problems, and to build a case for making further investments in your program. Ultimately, the goal is to make AppSec part of the organization’s culture, and ensure it’s relevant to business units and meaningful to executives.

I'm For Real

Enter your details once to access all our information and resources

Spotlight

Cisco

Cisco (NASDAQ: CSCO) enables people to make powerful connections--whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible--providing easy access to information anywhere, at any time. Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company's inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 65,225 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company's core development areas of routing and switching, as well as in advanced technologies such as home networking, IP telephony, optical networking, security, storage area networking, and wireless technology. In addition to its products, Cisco provides a broad range of service offerings, including technical su

OTHER WHITEPAPERS
news image

DeltaV SIS™ and Cybersecurity

whitePaper | November 28, 2019

Safety Instrumented Systems (SIS) are designed to keep processes safe, especially during critical situations. With this concept in mind, it is paramount that the SIS components are not taken down due to cyber-threats. The purpose of this white paper is to explain, in detail, the Emerson approach for cybersecurity as well as the built-in security features available within the DeltaV SIS process safety system.

Read More
news image

Zero Trust Maturity Model

whitePaper | April 28, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Read More
news image

Data Services Cloud Console Security Guide

whitePaper | March 2, 2023

Cloud-based management from Hewlett Packard Enterprise offers many advantages for both data infrastructure and the data itself. Data Services Cloud Console (DSCC) is the HPE cloud-based application for current and future data and storage management.

Read More
news image

Unidirectional Security Gateways: Enabling Secure IT-OT Communications

whitePaper | June 28, 2022

Braking performance, corner analysis, pit stop strategy breakdowns. To watch a Formula 1 race today is as much about being an adrenaline junkie as it is being a data geek, thanks to the 300 sensors on an F1 car sending more than 1.1 million data points to the pits every second1.

Read More
news image

Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

whitePaper | January 16, 2020

Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise. In fact, cyber security is now increasingly reviewed by corporate boards of directors and often discussed with financial analysts who see cyber security risk as an imminent and paramount business risk. Because the consequences of cyber security failures can be damaging to business revenues and brand reputation, CEOs have lost their positions as a result of data breaches and inept preparation and planning.

Read More
news image

Fujitsu PRIMERGY Server Security Overview

whitePaper | May 22, 2023

During the last few years server security has become a key building block for end-to-end security. We see strongly increasing cyber-attacks on server infrastructure, which results in an intense need for server security. This whitepaper presents an overview of the security features which are available for PRIMERGY server.

Read More

DeltaV SIS™ and Cybersecurity

whitePaper | November 28, 2019

Safety Instrumented Systems (SIS) are designed to keep processes safe, especially during critical situations. With this concept in mind, it is paramount that the SIS components are not taken down due to cyber-threats. The purpose of this white paper is to explain, in detail, the Emerson approach for cybersecurity as well as the built-in security features available within the DeltaV SIS process safety system.

Read More

Zero Trust Maturity Model

whitePaper | April 28, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) leads the nation’s effort to understand, manage, and reduce cybersecurity risk, including by supporting Federal Civilian Executive Branch agencies in evolving and operationalizing cybersecurity programs and capabilities. CISA’s Zero Trust Maturity Model (ZTMM) provides an approach to achieve continued modernization efforts related to zero trust within a rapidly evolving environment and technology landscape. This ZTMM is one of many paths that an organization can take in designing and implementing their transition plan to zero trust architectures in accordance with Executive Order (EO) 14028 “Improving the Nation’s Cybersecurity” § (3)(b)(ii),1 which requires that agencies develop a plan to implement a Zero Trust Architecture (ZTA). While the ZTMM is specifically tailored for federal agencies as required by EO 14028, all organizations should review and consider adoption of the approaches outlined in this document.

Read More

Data Services Cloud Console Security Guide

whitePaper | March 2, 2023

Cloud-based management from Hewlett Packard Enterprise offers many advantages for both data infrastructure and the data itself. Data Services Cloud Console (DSCC) is the HPE cloud-based application for current and future data and storage management.

Read More

Unidirectional Security Gateways: Enabling Secure IT-OT Communications

whitePaper | June 28, 2022

Braking performance, corner analysis, pit stop strategy breakdowns. To watch a Formula 1 race today is as much about being an adrenaline junkie as it is being a data geek, thanks to the 300 sensors on an F1 car sending more than 1.1 million data points to the pits every second1.

Read More

Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise

whitePaper | January 16, 2020

Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise. In fact, cyber security is now increasingly reviewed by corporate boards of directors and often discussed with financial analysts who see cyber security risk as an imminent and paramount business risk. Because the consequences of cyber security failures can be damaging to business revenues and brand reputation, CEOs have lost their positions as a result of data breaches and inept preparation and planning.

Read More

Fujitsu PRIMERGY Server Security Overview

whitePaper | May 22, 2023

During the last few years server security has become a key building block for end-to-end security. We see strongly increasing cyber-attacks on server infrastructure, which results in an intense need for server security. This whitepaper presents an overview of the security features which are available for PRIMERGY server.

Read More
More Whitepapers

Spotlight

Cisco

Cisco (NASDAQ: CSCO) enables people to make powerful connections--whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible--providing easy access to information anywhere, at any time. Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company's inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 65,225 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company's core development areas of routing and switching, as well as in advanced technologies such as home networking, IP telephony, optical networking, security, storage area networking, and wireless technology. In addition to its products, Cisco provides a broad range of service offerings, including technical su

Events

Cyber Security World Asia

Conference