CISO Agenda 2015: Adding Value to a Security Program with Application Security
The business case presented to internal stakeholders can make or break your security program. Statistics around breaches and vulnerabilities have not been sufficient in helping CISOs talk to their boards about funding more mature AppSec programs. Traditional ROI models often focus on proving that "something bad didn't happen" instead of demonstrating that the program is providing value for the company - and therefore deserves higher levels of funding. As a security professional, you know the stakes are high for your organization. But how do you convince others to stop sitting on the sidelines and actively support your goals?
After attending this webinar you will:
- Understand why successful application security programs focus on changing development culture;
- Learn how to leverage the model that one company used to demonstrate the 192 percent ROI achieved by their application security program;
- Learn how to educate, rather than defend, on your ROI model with stories of culture change that drive the numbers.
The path of least resistance for cyber-criminals is to attack well-known vulnerabilities in enterprise-developed applications. According to an IDG study, on average enterprises expect to develop over 340 new applications in 12 months, yet only assess 37% of them for cybersecurity risks. This assessment gap leaves the majority of an enterprise's application inventory open to attack. Part of the reason for this assessment gap is that CISOs need to demonstrate more than "something bad didn't happen" to properly fund and mature their application security programs.
Security professionals continue to struggle with demonstrating how application security programs provide value for the company because:
- Statistics around breaches and vulnerabilities have not been sufficient in helping CISOs talk to their board about funding more mature AppSec programs;
- Traditional application security ROI models focus on breach avoidance savings - i.e. "something bad didn't happen" - when calculating the benefits of a security program;
- The vast number of enterprise applications makes the problem appear too daunting to tackle effectively.
This webinar explores the sources of value from an application security program and how to demonstrate the program's overall value. It covers the value of educating developers and business stakeholders on why security is important, and how changing the software development culture can be achieved at scale. This webinar will also showcase how one company used this model to demonstrate the 192 percent ROI achieved, and how other CISOs can use the model to validate the value of their enterprise's security programs.