• Home

  • Documents

  • How can a small business handle all the requirements that ... you can learn from... · How can a...
7

Click here to load reader

How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

Embed Size (px)

Citation preview

Page 1: How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

SANS AppSec Summit 2012 Partnet, Inc.

How can a small business handle all the

requirements that the Department of Defense

imposes?

Page 2: How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

SANS AppSec Summit 2012 Partnet, Inc.

Page 3: How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

SANS AppSec Summit 2012 Partnet, Inc.

Partnet and DOD EMall

Page 4: How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

SANS AppSec Summit 2012 Partnet, Inc.

How can a small company keep up

with so many security requirement?

• DOD Security Technical Implementation

Guidelines STIGs

– Application Security and Development

– Operating Systems

– Web servers

– Application servers

– Networking

• PCI-DSS

Page 5: How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

SANS AppSec Summit 2012 Partnet, Inc.

1. Everyone Owns Security

• We consider ourselves a security company

• Out of about about 40 employees:

– Half have security training

– 5 are directly responsible

• Security isn't something that someone else

does

• All Developers know OWASP Top Ten

– Code Review each other

Page 6: How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

SANS AppSec Summit 2012 Partnet, Inc.

2. Tools and Open Source

• Establish common frameworks

• Open Source

– OWASP Tools

• Build our own

• Scanning Tools

Page 7: How can a small business handle all the requirements that ... you can learn from... · How can a small business handle all the requirements that the Department of Defense ... DODI

SANS AppSec Summit 2012 Partnet, Inc.

3. Discipline

• Small Company = Flexibility

• Small Company != Undisciplined

• Process, CMMI != Shackles

• Process = Freedom to do what we say we will

do.

• Build a solid process with security habits

– OWASP SAMM or BSIMM as a guide

• DoD: Work with IA Officer and Branch

– Seek clarity of which requirements apply


Utilizing HFM to Handle the Requirements of IFRS

Utilizing HFM to Handle the Requirements of IFRS

Technology
Can Clustering Improve Requirements Traceability?

Can Clustering Improve Requirements Traceability?

Documents
IR-Drop Analysis handle Analysis by Chris Halford Advanced Layout Solutions Ltd chris.halford@alspcb.com Can your PCB traces and planes ‘handle’ your power supply requirements?

IR-Drop Analysis handle Analysis by Chris Halford Advanced Layout Solutions Ltd [email protected] Can your PCB traces and planes ‘handle’ your power supply requirements?

Documents
CAN Physical Layer Requirements

CAN Physical Layer Requirements

Documents
Think WinWin: You Can Handle Them All

Think WinWin: You Can Handle Them All

Education
How downstream users can handle exposure scenarios ...echa.europa.eu/documents/10162/13655/du_practical_guide_13_en.pdf · How downstream users can handle exposure scenarios . Practical

How downstream users can handle exposure scenarios ...echa.europa.eu/documents/10162/13655/du_practical_guide_13_en.pdf · How downstream users can handle exposure scenarios . Practical

Documents
Manual Handling Solutions You Can Handle

Manual Handling Solutions You Can Handle

Documents
How You Can Better Handle Your Anxiety

How You Can Better Handle Your Anxiety

Documents
You Too Can Handle FECA Claims: The Basics

You Too Can Handle FECA Claims: The Basics

Documents
Bouncing Back: How Your Agency Can Handle Disruption and

Bouncing Back: How Your Agency Can Handle Disruption and

Documents
TUF-LITE® CAN HANDLE THE HEAT - Chart Industries

TUF-LITE® CAN HANDLE THE HEAT - Chart Industries

Documents
Requirements CSE 403. 2 Lecture outline What are requirements? How can we gather requirements? How can we document requirements? Use cases

Requirements CSE 403. 2 Lecture outline What are requirements? How can we gather requirements? How can we document requirements? Use cases

Documents
Design Requirements – Reactor Physicsdspace.mit.edu/bitstream/handle/1721.1/45533/22-39Fall...Design Requirements – Reactor Physics 22.39 Elements of Reactor Design, Operations,

Design Requirements – Reactor Physicsdspace.mit.edu/bitstream/handle/1721.1/45533/22-39Fall...Design Requirements – Reactor Physics 22.39 Elements of Reactor Design, Operations,

Documents
Out of the box! can you handle it?

Out of the box! can you handle it?

Education
‘I hope we can handle it’: A study ... - abdn.ac.uk

‘I hope we can handle it’: A study ... - abdn.ac.uk

Documents
Can the Elephants Handle the NoSQL Onslaught? - VLDBvldb.org/pvldb/vol5/p1712_avriliafloratou_vldb2012.pdf · Can the Elephants Handle the NoSQL Onslaught? Avrilia Floratou ... In

Can the Elephants Handle the NoSQL Onslaught? - VLDBvldb.org/pvldb/vol5/p1712_avriliafloratou_vldb2012.pdf · Can the Elephants Handle the NoSQL Onslaught? Avrilia Floratou ... In

Documents
Jobs that an Electrician can Handle - Infographic

Jobs that an Electrician can Handle - Infographic

Documents
Can cellular networks handle 1000x the data?users.ece.utexas.edu/~bevans/courses/rtdsp/lectures/Andrews_Cellular... · Can cellular networks handle 1000x the data? Jeffrey G. Andrews

Can cellular networks handle 1000x the data?users.ece.utexas.edu/~bevans/courses/rtdsp/lectures/Andrews_Cellular... · Can cellular networks handle 1000x the data? Jeffrey G. Andrews

Documents
ASSA Hygienic Handle - ASSA ABLOY Opening Solutions · The ASSA Hygienic Handle is an ergonomically designed door handle that meets the stringent requirements of modern hospital environments

ASSA Hygienic Handle - ASSA ABLOY Opening Solutions · The ASSA Hygienic Handle is an ergonomically designed door handle that meets the stringent requirements of modern hospital environments

Documents
Psi Can We Handle It

Psi Can We Handle It

Documents
We can handle your requirements at head field

We can handle your requirements at head field

Career
Predicting Activity Cliffs - Can Machine Learning Handle Special Cases?

Predicting Activity Cliffs - Can Machine Learning Handle Special Cases?

Technology
USM Series can handle your testing requirements …testequipmentdatasheets.com/index_cards/K/Krautkramer...AgfaNDT.com Agfa NDT Inc. 50 Industrial Park Road Lewistown, PA 17044 USA

USM Series can handle your testing requirements …testequipmentdatasheets.com/index_cards/K/Krautkramer...AgfaNDT.com Agfa NDT Inc. 50 Industrial Park Road Lewistown, PA 17044 USA

Documents
LEE DRUTMAN CAN OUR POLITICAL INSTITUTIONS HANDLE …na-production.s3.amazonaws.com/documents/Institutions-Divided-Politics.pdf · CAN OUR POLITICAL INSTITUTIONS HANDLE OUR POLITICAL

LEE DRUTMAN CAN OUR POLITICAL INSTITUTIONS HANDLE …na-production.s3.amazonaws.com/documents/Institutions-Divided-Politics.pdf · CAN OUR POLITICAL INSTITUTIONS HANDLE OUR POLITICAL

Documents
How Much Can Running Shoes handle

How Much Can Running Shoes handle

Sports
HOW MANY JOBS CAN YOU HANDLE RIGHT AFTER COLLEGE?

HOW MANY JOBS CAN YOU HANDLE RIGHT AFTER COLLEGE?

Documents
How can Public Administrations contribute to handle social ...bibliotekacyfrowa.pl/Content/35512/008.pdfHow can Public Administrations contribute to handle social crisis? Helena Rato1

How can Public Administrations contribute to handle social ...bibliotekacyfrowa.pl/Content/35512/008.pdfHow can Public Administrations contribute to handle social crisis? Helena Rato1

Documents
Utilizing HFM to Handle the Requirements of IFRS

Utilizing HFM to Handle the Requirements of IFRS

Technology
Can you Handle it?

Can you Handle it?

Documents
What You Can Do To Handle Your Money

What You Can Do To Handle Your Money

Documents