Abstract
Nationwide organizations face the challenge of managing their cyber risk profile while delivering software solutions that meet the growing and changing requirements of customers, regulators, and internal stakeholders. Companies operate under competing priorities with limited resources available. It is crucial to design and deploy scalable frameworks that help prioritize actions within the “Identify. Protect. Detect. Respond. Recover.” paradigm. Insecure practices in developing and deploying applications, and dependence on improperly managed web and cloud-based services, may lead to data compromise. In this article, the author introduces an approach to identifying high-yield opportunities for building cybersecurity capabilities and proposes a framework for delivering application security and compliance at scale. Effective frameworks allow businesses to transform costs into value for themselves and their customers by achieving compliance, measuring security risks, and keeping those risks under control.
Notes
1. “Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack. In recent years, the Department of Homeland Security National Protection and Programs Directorate (NPPD) has engaged key stakeholders to address this emerging cyber risk area.” The Department of Homeland Security, (June 30, 2016), https://www.dhs.gov/cybersecurity-insurance.
© 2016 Springer International Publishing AG
Kabanov, I. (2016). Scalable Frameworks for Application Security and Data Protection. In: Jahankhani, H., et al. Global Security, Safety and Sustainability - The Security Challenges of the Connected World. ICGS3 2017. Communications in Computer and Information Science, vol 630. Springer, Cham. https://doi.org/10.1007/978-3-319-51064-4_7
DOI: https://doi.org/10.1007/978-3-319-51064-4_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-51063-7
Online ISBN: 978-3-319-51064-4
eBook Packages: Computer Science (R0)