Joshua Rebelo & Patrick McEnany, Intel Security (Mcafee India Software Pvt Ltd)
The world has become a global village, and it is being ruled and prominently controlled by technology and electronics in particular. This results to consistent increase in the availability of personal, corporate, and financial information in cyberspace. This creates enormous opportunities for cyber attackers to access the data and misuse it through hacking tools and tutorials.
One such recent example is the intellectual property theft in the Xbox One gaming console and Xbox Live. The hacking of Target and Home Depot networks lead to the leakage of sensitive data such as email-ids and credit card details. Another example is the data breach of 4.2 million individuals in the US Government Office of Personnel Management (OPM). These incidents clearly emphasize the necessity to deliver a comprehensive secure product. For organizations, the goal must be to adopt a better strategy and protect the data and resources in a more proactive manner.
Organizations span the spectrum when it comes to the maturity around creating secure products. Some organizations have a well-defined process that ensures the delivery of highly secure products whereas some organizations want to improve the security maturity model but lack management support. Some organizations are not even aware of product security and they are not sure from where to start.
This paper defines a multi-layered security approach that can be applied to any platform, product, and programming language. The multi-layered security helps the product teams that having little knowledge of product security to uncover the low hanging security defects. As the team gains expertise they become Evangelist and Champions of secure software development.
Since the threat types and attack vectors are evolving at a rapid pace, creating a security maturity model for the product that can provide up-to-date protection and realign its capability to handle the latest security challenges are vital.
Target Audience: Intermediate
2015 Technical Paper, Joshua Rebelo, Paper, Slides, Notes, Video.