Secure360

App Security? There’s a metric for that! (Part 2)

This is the second part of Tuesday’s session, with a hands-on approach.

**Original, Part 1 description, below**

Over the past year, NetSPI has been working on a new approach to manage and measure application security. By combining OWASP’s Software Assurance Maturity Model, traditional risk assessment methodologies, and experience developing security metrics, NetSPI developed a methodology that may be used to help organizations improve the way they manage and prioritize their application security initiatives. Once fully developed, this approach will be donated to OWASP either as an add-on to the existing SAMM project or as a new project intended to improve application security management. In this presentation, NetSPI will provide a detailed walk-through of the overall methodology as well as OWASP’s SAMM project. We will provide examples of the types of metrics and executive dashboards that can be generated by using this approach to managing application security and help highlight various ways this information can be used to further improve the overall maturity of application security programs.

About Yan Kravchenko

Yan Kravchenko has over 17 years of IT and information security consulting experience, the last four with NetSPI. Most recently Yan served as the Director of IT for a $250M company. Prior to that Yan spent seven years performing IT audits. In addition to a strong understanding of audit and compliance, Yan has a deep technical background.

Yan has specialized in the healthcare and technology fields but has also worked extensively with clients in government, education, manufacturing and agriculture. He is a founding member of the Twin Cities HITRUST SIG, which helps organizations implement the HITRUST Common Security Framework, and is a leading authority on compliance with the DEA’s Electronic Prescriptions for Controlled Substances (EPCS) rule. He has developed the industry’s first DEA EPCS program guide.

Yan holds a variety of certifications, including CISSP, QSA, CISA, CISM and PCIP.

Details

Wednesday May 13, 2015
9:45 AM - 10:45 AM
Room 10
Focus: GRC (Governance, Risk & Compliance), Cybersecurity

Contact

For more information about UMSA events, contact: Marie Strawser

© 2022 Secure360. All rights reserved.