Friday, August 7, 2015

A Use Case for Security Operational Software Application

The use case for an operationally oriented software application stems from the need to centralize the management of the numerous vulnerabilities found during the various stages of an application's lifecycle. Security teams often manage and track many different types of assessments. These range from automated scans with predetermined fields (i.e., fields that cannot be changed) to manually completed assessments whose fields are not required to follow a standard naming convention.

However, despite the lack of uniformity in the naming conventions used to describe vulnerabilities (a.k.a. findings), they can all be described through a common base set of characteristics. These characteristics typically include a title for the finding, a description, results (the output of the finding), a risk rating and recommendations. This provides an opportunity to normalize these common characteristics into a single unifying process. This approach lets the Security Analyst concentrate on causality and, more importantly, on developing mitigation solutions that are effective in both cost and outcome. It also enables management to make clear and decisive decisions about where the real problems potentially exist in the organization's resources and technology, in both I.T. and business operations.

Each finding can then be broken down further into categories, not only by the type of assessment that was completed, but also by which areas have the greatest impact on the stability of a given application and on its effectiveness at maintaining the confidentiality and integrity of the data accessed and modified on a daily basis. By breaking down each finding by the characteristics of the vulnerability, management can then review where the issues are within the secure software development lifecycle (SSDLC). There are numerous benefits to this approach: for example, identifying where legal and regulatory requirements are not being met, where parts of existing (or non-existent) SSDLC processes receive too little attention, and whether third-party development teams are adhering to their contractual obligations.

But before the Security Analyst can start to analyze the vulnerabilities and define the various characteristics each is associated with, they must be provided with consistent and repeatable processes, with the attainable goal of maximizing both the group's and the organization's operational effectiveness.

This can be accomplished through various means, such as manual analysis through documentation review, or through automation and correlation processes. Just as there are a multitude of ways to assess and analyze data, there are also numerous methods to manage it. However, there are challenges in managing the volume of data typically associated with the discovery, tracking and monitoring of vulnerabilities. These challenges typically involve information sharing, data duplication, variations of the same data, historical references, accessibility, and the versatility of reporting that addresses the organization's risk posture instead of just performance-based metrics.

To address these challenges, the organization must move towards a more formal workflow process. This means eliminating the dependency on spreadsheets as a means to archive, process and manage its vulnerability data. Besides the risk of accidental exposure inherent in the decentralized model that spreadsheets represent, they lack the real-time visibility and insight organizations require for dealing with threats. To overcome these challenges the organization can look towards a more operationally oriented software application centered around a single codebase, database and set of workflow processes. More specifically, the operationally oriented software application must provide:
  • A single simplified operational process,
  • Multiple options to import various assessment methodologies,
  • Normalization of the data fields from the various reports,
  • Automated categorization of the records according to how the findings were discovered, and
  • A workflow framework that supports risk analysis, exception and remediation management.
It is this type of application that will enable the organization to reap the benefits of operational effectiveness. And it is through this simplification process that security, in partnership with management, can combine their functional expertise to tailor processes and applications in a way that improves performance and ultimately the visibility needed for dealing with today's cyber security landscape.
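The normalization step described above (a common set of characteristics across reports with fixed and with free-form field names, categorization by how a finding was discovered, and de-duplication of the same finding reported twice with small variations) can be shown in code. The example below is added here and is not code from the original post; the two input formats, the field aliases, the risk scale and the discovery categories are all constructed assumptions, and the sample findings are invented.

```python
"""Consolidate findings from heterogeneous assessments into one common schema.
Added example, not from the original post. Input formats, aliases, risk scale
and discovery categories are assumptions; the sample records are constructed."""
from collections import Counter
from dataclasses import dataclass
import hashlib
import re

# Assumed discovery categories, keyed by the source a batch of records came from.
CATEGORY_BY_SOURCE = {"automated-scan": "dynamic-scan", "manual-assessment": "manual-review"}

# Scanners emit numeric levels, analysts write words; both collapse onto one scale.
RISK_ALIASES = {
    "1": "LOW", "low": "LOW", "minor": "LOW",
    "2": "MEDIUM", "med": "MEDIUM", "medium": "MEDIUM", "moderate": "MEDIUM",
    "3": "HIGH", "high": "HIGH", "important": "HIGH",
    "4": "CRITICAL", "critical": "CRITICAL", "severe": "CRITICAL",
}

# Column names seen across the varied reports, mapped onto the common schema.
FIELD_ALIASES = {
    "title": ("title", "name", "issue", "finding"),
    "description": ("description", "desc", "details", "summary"),
    "results": ("results", "result", "output", "evidence"),
    "risk": ("risk", "risk rating", "severity", "rating"),
    "recommendation": ("recommendation", "recommendations", "remediation", "fix"),
}

@dataclass(frozen=True)
class Finding:
    title: str
    description: str
    results: str
    risk: str
    recommendation: str
    source: str        # which assessment reported it
    category: str      # how it was discovered, derived from source
    fingerprint: str   # identity used to collapse duplicates

def normalize_risk(value):
    key = str(value).strip().lower()
    if key not in RISK_ALIASES:
        raise ValueError(f"unrecognized risk rating: {value!r}")
    return RISK_ALIASES[key]

def canonical_field(raw_name):
    """Map a report-specific column name to a schema field, or None if unknown."""
    key = re.sub(r"[\s_\-]+", " ", raw_name.strip().lower())
    for canonical, aliases in FIELD_ALIASES.items():
        if key in aliases:
            return canonical
    return None

def fingerprint(title, results):
    """Stable identity for the same finding reported twice with minor wording variation."""
    squash = lambda s: re.sub(r"\s+", " ", s.strip().lower())
    return hashlib.sha256(f"{squash(title)}|{squash(results)}".encode()).hexdigest()

def normalize_record(record, source):
    mapped = {}
    for raw_name, value in record.items():
        canonical = canonical_field(raw_name)
        if canonical is not None:
            mapped[canonical] = str(value).strip()
    missing = [f for f in FIELD_ALIASES if f not in mapped]
    if missing:  # a report that cannot be normalized is rejected, not silently imported
        raise ValueError(f"{source}: record lacks {missing}")
    return Finding(mapped["title"], mapped["description"], mapped["results"],
                   normalize_risk(mapped["risk"]), mapped["recommendation"],
                   source, CATEGORY_BY_SOURCE[source],
                   fingerprint(mapped["title"], mapped["results"]))

def consolidate(batches):
    """batches: iterable of (source, records). Returns the unique findings in
    first-seen order plus a map of fingerprint -> every source that reported it."""
    unique, reported_by = [], {}
    for source, records in batches:
        for record in records:
            finding = normalize_record(record, source)
            if finding.fingerprint not in reported_by:
                unique.append(finding)
            reported_by.setdefault(finding.fingerprint, []).append(source)
    return unique, reported_by

def risk_summary(findings):
    """Counts by (category, risk): the view management needs rather than raw volume."""
    return Counter((f.category, f.risk) for f in findings)

# Constructed sample input: a scanner export with fixed fields, and a manual
# assessment using its own field names and wording for the same first issue.
SCANNER_EXPORT = [
    {"title": "SQL Injection", "description": "Search parameter is concatenated into a query.",
     "results": "Database error text returned for search input", "risk": "3",
     "recommendation": "Use parameterized queries."},
    {"title": "Cookie without HttpOnly flag", "description": "Session cookie readable by scripts.",
     "results": "Set-Cookie header lacks HttpOnly", "risk": "1",
     "recommendation": "Set the HttpOnly attribute."},
]
MANUAL_ASSESSMENT = [
    {"Issue": "sql injection", "Details": "Search feature builds SQL from user input.",
     "Evidence": "database error text returned for search input", "Severity": "High",
     "Remediation": "Parameterize all queries."},
    {"Issue": "Broken access control", "Details": "Report IDs are unchecked against the caller.",
     "Evidence": "Report of another tenant returned", "Severity": "Critical",
     "Remediation": "Enforce ownership checks server-side."},
]

def run_example():
    return consolidate([("automated-scan", SCANNER_EXPORT),
                        ("manual-assessment", MANUAL_ASSESSMENT)])

if __name__ == "__main__":
    unique, reported_by = run_example()
    for f in unique:
        print(f"{f.risk:<8} {f.category:<14} {f.title}  reported by {reported_by[f.fingerprint]}")
    print(dict(risk_summary(unique)))
```

The fingerprint is deliberately built only from the title and results, so that two reports of the same finding with different descriptions or wording of the recommendation collapse into one record, while the `reported_by` map preserves the history of which assessments found it. Rejecting records with missing fields rather than importing them partially is what keeps the downstream risk summary trustworthy.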