Manage your application security risk and comply with OCC Bulletin 2008-16 cost-effectively...
Hear how leading organizations are leveraging Bulletin 2008-16 as a blueprint for securing third-party applications
Learn about contract language you can use in SLAs to demand secure software from third parties
Learn how you can cost-effectively manage the risk of built, bought or outsourced code without additional hardware, software or personnel investments
Your IT organization - no matter what the size - is learning to do more with less. Yet whether you choose to build applications internally, purchase third-party software or outsource your needs, the burden of managing IT security risk - and specifically application security risk - has not diminished.
This webinar will discuss cost-effective measures your organization can take to secure your applications, comply with OCC Bulletin 2008-16 and develop an effective, comprehensive application security strategy.
Recently, the Comptroller of the Currency (OCC) took the extraordinary step of issuing a bulletin (OCC Bulletin 2008-16) to alert financial institutions to the risks posed by insecure software and to recommend steps banks should take to reduce risk and protect their critical data.
This follows new industry regulations from the Payment Card Industry requiring application security testing for merchants, service providers and payment application vendors, along with a recent advisory from Gartner that "Application security testing should be mandatory for outsourced development and maintenance."
Perhaps most notable in the OCC Bulletin is the scope of the recommendations. Banks are advised not only about internally developed applications; they also need to mitigate risk from commercial software, outsourced development, and contracted software for both internal and web-facing applications.
This webinar will discuss cost-effective means by which you can comprehensively assess your entire portfolio of software applications, whether bought, built internally or outsourced, without the addition of new hardware, software or time-consuming (and costly) manual testing.
Special guest presenter John Jacott, PCI-QSA, IRCA Lead Auditor for ISMS, will provide insights into what auditors may be looking for and how to generally leverage the framework of Bulletin 2008-16 as an overall blueprint for application security.
Mike has more than 15 years of product management and marketing experience, has acquired extensive security skills, and helped launch the first security solution for enterprise wireless LAN deployments. Mike has spoken at many industry events, including Interop and Network World Security Seminars, and has lectured on IT security with IP3, MIS and TechTarget.