A Fresh Approach to Building an Application Security Program

posted on Jul 28, 2014 by Rohit Sethi

Ben Tomhave and Ramon Krikken at Gartner have released a paper called Application Security: Think Big, Start with What Matters, which describes concrete steps on how to cost-effectively deploy an app sec program. We highly recommend that organizations seeking to build an app sec program read the report. Krikken & Tomhave have defined…

3 Things To Consider When You Revisit Your Backup System

posted on Jul 9, 2014 by sahba

What’s expected from you in your role as a CISO is expanding as companies rely heavily on more complicated information systems. There is a barrage of threats and more reliance on technology as businesses leave the pencil and paper behind. Status quo is not an option with so much change occurring within the IT industry,…

A Word About Backup Solutions

posted on Jun 25, 2014 by Jarl

Does your company have a defined backup recovery strategy and system in place? Does having such a system even matter? Unfortunately, most companies haven’t integrated effective backup solutions and, in some cases, the requirements for what constitutes a proper backup solution are not even present. A proper system should be tailored to business needs and…

Software Security: An Imperative to Change

posted on Jun 3, 2014 by Rohit Sethi

Attention-grabbing exploits are becoming the norm. We hear about bugs like Heartbleed and IE 0days almost every week. Understandably, the public is concerned about insecure technology. Yet for those of us who work in information security, this isn’t news at all. We have long known that insecure software is the root cause of most…

What’s new in PCI DSS v3.0 for Penetration Testing?

posted on May 15, 2014 by Nima Dezhkam

The PCI (Payment Card Industry) Security Standard Council releases a mandated PCI Data Security Standard (DSS) with the goal of securing cardholder data that is stored, processed or transmitted by merchants and other organizations. PCI DSS follows a 36 month lifecycle at the end of which a new version of the standard is released. The…

It’s Cool to Care about Security Requirements

posted on May 7, 2014 by Rohit Sethi

We at Security Compass are thrilled to be named Gartner Cool Vendor 2014 for the Application & Endpoint security category with our SD Elements product. Each year, Gartner identifies new Cool Vendors in key technology areas and publishes a series of research reports highlighting these innovative vendors and their products and services. This is a…

Introducing Continuous Threat Monitoring in SD Elements

posted on Apr 29, 2014 by Geoff Whittington

We are excited to announce the inclusion of a major new feature in SD Elements: Email new task notification. With this new feature, clients who model an application in SD Elements will now be notified via email if there are new tasks that apply to their application. Practically speaking, this means that a client can…

Making the Business Case for a Software Security Requirements Program

posted on Apr 25, 2014 by Chris Tyson

Most of our customers need to justify the costs of implementing a software security requirements program when they purchase SD Elements. This post will explain how to build an effective business case based on real data. We will show you how an application security program will be both more cost-effective and more secure by implementing…