Sustainable levels of performance can never be achieved without keeping security at the forefront of an organization’s digitalization strategy. Too often, security is treated like an afterthought – an activity at the end of the product development cycle or something to “fix” once a vulnerability is identified.
Comparative Security provides forward-leaning organizations with the information and intelligence necessary to embed security thinking as a natural part of an organization’s operational strategy. By treating security as an integral part of product development, companies can limit their security exposure, make better tradeoffs and more effectively navigate the constant security challenges inherent in today’s fast-moving business landscape.
About Comparative Security
Understand how you stack up against other companies or peers in your industry so you can more effectively target your security investments where they make the most sense. By taking a data-driven approach to security, you’ll be able to:
Governance: Our organization has an evangelist - an active advocate - who keeps stakeholders aware of the issues around information security and their importance to the business.
Intelligence: We maintain a list of open source used in apps, and have a process to keep it current with security patches.
SSDL Touchpoints: Security requirements are used to review feature designs.
Deployment: We use external penetration testers to find problems.
Outcomes: The team is producing higher quality products than before.
Governance: We have gates in our SDLC that call for security-related artifacts.
Intelligence: We analyze and document application-specific threat models and/or top attack lists.
SSDL Touchpoints: We perform basic threat modelling (perhaps with a standard questionnaire) on each new application or feature.
Deployment: Findings from penetration testing are entered into the product development process (e.g. backlog, defect tracking).
Embed security as an integral part of your organization’s product development approach
Benchmark your company’s security efforts against peers in your industry
Understand where you need to invest additional time and resources; amplify existing strengths
Assess efforts at the team, program and organizational levels