Compliance Strategy and Planning – Building an Effective Application Security Program
John Pavone

        Compliance doesn’t make you secure, but a good application security program can ensure your applications are compliant with all major regulations, including PCI, FISMA, SOX, and HIPAA. Application security is no longer a choice. Between increasing number of attacks and regulatory pressures, organizations must demonstrate their capability to secure their applications. Given the staggering number of applications and lines of code already in production, many organizations are struggling to identify a cost-effective and compliant approach to gaining this assurance.

        Through a series of case studies and scenarios, John will provide awareness of application security vulnerabilities and verification techniques, compare pros/cons of remediation approaches taken, and provide a practical and tried method in establishing a positive application security program.  A program based on four simple balanced focus areas that leverage people, process, and technology to build the capability to reliably produce secure applications.  Together, these areas with established practices will enable your organization to successfully manage, improve and sustain an application security initiative in a cost effective and regulatory compliant manner.

Speaker: John Pavone is Aspect Security's Acceleration Services Practice Lead, specializing in the enablement of application security within organizations.  John has been an IT professional for over 20 years. In the last 12 years, John has concentrated solely on Information and IT Infrastructure Security.

 

Download link: http://blip.tv/file/get/Irongeek-2009LMIJohnPavone481.mp4

Descriptions and details from http://www.louisvilleinfosec.com, with small edits.
Thanks to Lee Pfeiffer and the student volunteers for handling the video the day of the conference, and Brian Blankenship for editing the videos.

Printable version of this article