Software Security: How to Prioritize, Measure and Convey it to the Board
Amidst the shifting threat landscape in the healthcare sector, cloud migration and ongoing digital transformation, software security is often low or even last on the list of priorities for security leaders to address.
Yet, with the 2021 presidential executive order on cybersecurity, and as headlines continue to feature high-profile breaches, board members at healthcare organizations - and across all industries - are taking notice. Even though there are often designated technical experts on boards, there is now an increased awareness around cybersecurity - especially software security - even among the traditionally business-oriented members.
So, it’s important to prioritize software security and to tailor messages to the business functions so that they too can understand the organization's risk posture. But communicating about software security to the board can be particularly challenging because of the ways that it differs from other security solutions. You don’t install a software security tool and count the breaches getting deflected; you change the way you develop software by building security in from the start. This is a significant pivot from traditional, reactive ways of thinking about security.
Security professionals are often faced with the following questions: How do we determine and justify the required resources for a software security program? How do we ensure - and prove - that development teams are adopting software security practices? Is our software security operating effectively? And how do we prove that?
Join this session, Software Security: How to Prioritize, Measure and Convey it to the Board, to get best practices on how to explain and report on a software security program for an executive audience.
Yet, with the 2021 presidential executive order on cybersecurity, and as headlines continue to feature high-profile breaches, board members at healthcare organizations - and across all industries - are taking notice. Even though there are often designated technical experts on boards, there is now an increased awareness around cybersecurity - especially software security - even among the traditionally business-oriented members.
So, it’s important to prioritize software security and to tailor messages to the business functions so that they too can understand the organization's risk posture. But communicating about software security to the board can be particularly challenging because of the ways that it differs from other security solutions. You don’t install a software security tool and count the breaches getting deflected; you change the way you develop software by building security in from the start. This is a significant pivot from traditional, reactive ways of thinking about security.
Security professionals are often faced with the following questions: How do we determine and justify the required resources for a software security program? How do we ensure - and prove - that development teams are adopting software security practices? Is our software security operating effectively? And how do we prove that?
Join this session, Software Security: How to Prioritize, Measure and Convey it to the Board, to get best practices on how to explain and report on a software security program for an executive audience.
Discussion topics will include:
- How have you approached the software security challenge – and where is it among your strategic priorities?
- How do you make the successful business case for a software security program?
- With a program in place, how do you ensure your developers are following your standards?
- How do you measure the success of your program?
- How do you communicate the metrics to your board and senior management?
Tom Field
SVP Editorial
ISMG
Chris Eng
Chief Research Officer
Veracode
July 12, 2022 | 12:30 - 01:30 pm EDT | New York City - Convene
