We provide a range of consultancy services to advise your organisation on how best to minimise the security risks within your business applications to ensure they meet legal and regulatory compliance requirements.
For organisations, today's numerous compliance, legal and regulatory requirements are one of the most challenging and complex business issues they face. The increased frequency of security incidents, including well-publicised breaches, has highlighted the need for greater levels of assurance around business-critical and personal data.
Fundamental to addressing these regulations or internal governance requirements, whether in the public or private sector, is the need to use a risk-based approach as the basis for the implementation of appropriate levels of control. As with any other major business project, security risk assessments should sit as a key component of an effective application development program.
Sopra Group can provide organisations with independent risk assessments for their Web applications that will:
- Include an audit of the organisation's risk posture
- Identify information assets and the associated risks
- Propose strategies to help mitigate these risks.
In addition, threat modelling can be a valuable technique to help an organisation focus its resources on the most important issues its applications will face once in service.
We can facilitate a workshop to look at potential vulnerabilities and develop real-life threat scenarios. These threat models can then be fed back into the risk management process to highlight possible application security design modifications and robust tailored testing plans.
Security should be considered as an integral feature of any application development specification. A risk-led approach ensures that the correct levels of security are defined from the outset and that the appropriate controls are built into the application design.
These requirements will reflect specific compliance, regulatory and legal requirements in conjunction with the outputs of a suitable risk assessment. As many organisations have only recently begun to define their web application security strategy, they often do not possess the necessary skills to assess which security controls should be implemented.
Sopra Group's consultants work in partnership with our clients to clearly understand their specific needs, development processes and existing security infrastructure. We then agree and document their security specifications for both the application itself and the supporting architecture to ensure that the appropriate levels of control are specified from the outset.
Designing appropriate security into an application at its inception can provide an organisation with significant ROI. Research has shown that the cost of finding a security vulnerability in the design stage of software development can be up to 100 times less than if that same vulnerability had manifested itself in production. Having specific specialist expertise available may not always be possible, yet it is important to have assurance that the security design specification is appropriate.
Sopra Group will provide an independent audit and review of both the application security design and the proposed supporting architectures from a third-party, security-focused viewpoint, and produce a report highlighting potential improvements.
Our independence brings added objectivity to the process: with an in-house review it is often easy to get too close to the project and its associated business pressures to take a truly objective view of the risks.
In addition to these consultancy services, we have also assisted organisations with their application procurement processes by helping to ensure that the security requirements were included and specified correctly.