
Scalable Frameworks for Application Security and Data Protection

Conference paper
In: Global Security, Safety and Sustainability - The Security Challenges of the Connected World (ICGS3 2017)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 630)

Abstract

Nationwide organizations face the challenge of managing their cyber risk profile while delivering software solutions that meet the growing and changing requirements of customers, regulators, and internal stakeholders. Companies operate under competing priorities with limited resources. It is crucial to design and deploy scalable frameworks that help prioritize actions across the “Identify. Protect. Detect. Respond. Recover.” paradigm. Insecure practices in developing and deploying applications, and dependence on improperly managed web and cloud-based services, may lead to data compromise. In this article, the author introduces an approach to identifying high-yield opportunities for building cybersecurity capabilities and proposes a framework for delivering application security and compliance at scale. Effective frameworks allow businesses to transform costs into value for themselves and their customers by achieving compliance, measuring security risks, and keeping them under control.


Notes

  1. “Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, business interruption, and network damage. A robust cybersecurity insurance market could help reduce the number of successful cyber attacks by: (1) promoting the adoption of preventative measures in return for more coverage; and (2) encouraging the implementation of best practices by basing premiums on an insured’s level of self-protection. Many companies forego available policies, however, citing as rationales the perceived high cost of those policies, confusion about what they cover, and uncertainty that their organizations will suffer a cyber attack. In recent years, the Department of Homeland Security National Protection and Programs Directorate (NPPD) has engaged key stakeholders to address this emerging cyber risk area.” The Department of Homeland Security (June 30, 2016), https://www.dhs.gov/cybersecurity-insurance.


Author information

Corresponding author: Ilya Kabanov


Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Kabanov, I. (2016). Scalable Frameworks for Application Security and Data Protection. In: Jahankhani, H., et al. Global Security, Safety and Sustainability - The Security Challenges of the Connected World. ICGS3 2017. Communications in Computer and Information Science, vol 630. Springer, Cham. https://doi.org/10.1007/978-3-319-51064-4_7


  • DOI: https://doi.org/10.1007/978-3-319-51064-4_7


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-51063-7

  • Online ISBN: 978-3-319-51064-4

  • eBook Packages: Computer Science (R0)
