Comparative Security
by Comparative AgilitySustainable levels of performance can never be achieved without keeping security at the forefront of an organization’s digitalization strategy. Too often, security is treated like an after-thought – an activity at the end of the product development cycle or something to “fix” once a vulnerability is identified.
A data-driven strategy to security.
Comparative Security provides forward-leaning organizations with the information and intelligence necessary to embed security thinking as a natural part of an organization’s operational strategy.
By treating security as an integral part of product development, companies can limit their security exposure, make better tradeoffs and more effectively maneuver the constant security challenges inherent in today’s fast-moving business landscape.
Trusted Content
Comparative Security is created by security professionals with experience from some of the world’s most respected organizations.
Key Security Dimensions
The survey covers key dimensions of a comprehensive security strategy, including Governance, Intelligence, SSDL Touchpoints and Deployment.
Dynamically Updated and Validated
The results are collected, statistically validated and ultimately informs the comparative dataset available for your benchmarking.
About Comparative Security
Understand how you stack up against other companies or peers in your industry so you can more effectively target your security investments where it makes the most sense. By deploying a data-driven strategy to security, you’ll be able to:
Integrate a continuous improvement approach to your security strategy: leverage Comparative Security to inform a strategic security roadmap at all levels of the organization.
Get a perspective of your current security risk profile and understand strengths and weaknesses of your approach compared to peers.
Quickly target areas of your security strategy where you need to act; recognize where you can build on existing strengths.
Give team members a voice and involve people at all levels of the organization as part of your security strategy.
Sample Survey Items
Governance
Our organization has an evangelist - an active advocate - who keeps stakeholders aware of the issues around information security and their importance to the business.Intelligence
We maintain a list of open source used in apps, and have a process to keep it current with security patches.SSDL Touchpoints
Security requirements are used to review feature designs.Deployment
We use external penetration testers to find problems.Outcomes
The team is producing higher quality products than before.Governance
We have gates in our SDLC that call for security-related artifacts.Intelligence
We analyze and document application-specific threat models and/or top attack lists.SSDL Touchpoints
We perform basic threat modelling (perhaps with a standard questionnaire) on each new application or feature.Deployment
Findings from penetration testing are entered into the produce development process (e.g. backlog, defect tracking).Sample Survey Items
Governance
Our organization has an evangelist - an active advocate - who keeps stakeholders aware of the issues around information security and their importance to the business.Intelligence
We maintain a list of open source used in apps, and have a process to keep it current with security patches.SSDL Touchpoints
Security requirements are used to review feature designs.Top Features
Embed security as an integral part of your organization’s product development approach
Benchmark your company’s security efforts against peers in your industry
Understand where you need to invest additional time and resources; amplify existing strengths
Assess efforts at the team, program and organizational levels
Embed security as an integral part of your organization’s product development approach
Benchmark your company’s security efforts against peers in your industry
Understand where you need to invest additional time and resources; amplify existing strengths
Assess efforts at the team, program and organizational levels
Try it out now!
Fuel data-driven continuous improvement efforts at the team, program and organizational levels through uncommon insights and actionable feedback.