Skip Ribbon Commands
Skip to main content

Secure Development Life Cycle Coach Service

​A decade of infrastructure and network hardening has pushed hackers up the technology stack to exploit application security vulnerabilities as the easiest entry to your critical business systems. Gartner formulates this as, “Perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting”. However, the IT industry in general has not matured its application security capabilities. Application security is for many vendors and organizations still a secondary concern until a security or data breach in their systems is detected. However, companies can no longer afford this approach as the EU General Data Protection Regulation imposes substantial fines on data leaks of personal information. NNIT is responding to this challenge by launching a Secure Development Life Cycle Coach Service.


"With the increased focus on security, the evolving threat landscape, and the risk of substantial fines in the event of a data breach, having a secure development life cycle or DevSecOps approach that promotes security from requirement to retirement is a must."


Secure Development Life Cycle Coach Service 

The purpose of the Secure Development Lifecycle Coach Service is to guide your company through the implementation of current best practices in secure software development in order to protect your business from the consequences of a data breach. 

The service is tailored for companies with in-house IT development teams that are challenged by the increasing security and privacy demands imposed by the evolving threat landscape and the EU General Data Protection Regulation. 

The goal of the service is to increase the security and privacy assurance level of software developed by IT development teams, by adding security and privacy best practices to the existing in-house software development process. Therefore, the aim is not to replace the existing processes, but to extend and enhance. For DevOps teams that means making security a centerpiece in your approach to create DevSecOps. 

The service uses a risk-based approach in order to balance cost versus benefit during implementation of the secure development life cycle.


Key Activities

The following sections describe the key activities in the Secure Development Life Cycle Coach Service. However, the service can be tailored to meet your business needs.

Stakeholder interview

The first activity in the service is to conduct a stakeholder interview in order to clarify the primary business concerns in the below listed areas:

  • Protection of critical business systems and data

  • Protection of personal data

  • Compliance with laws & regulations

Secure Development Gap Analysis

A gap analysis of the current software development processes is conducted to uncover potential weaknesses and improvement opportunities. The gap analysis covers all phases of the software development life cycle from requirement to retirement.

Development Team Workshop

A workshop is conducted with the in-house development teams in order to verify the findings from the gap analysis and discuss the possible mitigations and their consequences. The Secure Development Life Cycle Coach uses the workshop to gauge the impact of implementing various security and privacy development best practices.

Risk Analysis & Recommendations

Building on the gap analysis and the development team workshop, a risk analysis with recommendations is produced and presented to the stakeholders. The recommendations will focus on the most cost-effectives ways to enhance the existing in-house development process with secure development best practices to counter the security, privacy, and compliance risks exposed by the gap analysis.

Secure Development Roadmap 

Based on the stakeholder prioritization of the identified risks and recommendations a secure development road map is created to ensure that the chosen secure development best practices are implemented in a manner that safeguards the continued productivity of the development teams.

On-site Coaching & Implementation Guidance

During the implementation of the road map the coach provides guidance and hands-on assistance, such as:

  • Providing secure development training for architects, developers, and testers

  • Updating policy and procedure descriptions

  • Conducting security assessments of business-critical applications.



Who are we?

The NNIT Application Security Team consists of highly skilled professionals, specialized in designing, implementing, and testing applications with critical security and privacy requirements. It is on that solid foundation in application security that we have condensed the pertinent knowledge of best practices into the Application Security Assessment Service.

Learn more

If you want to learn more about this service, please contact Thomas Lund Erichsen at TMLN@nnit.com.

 

 

Thomas Lund Erichsen+4530756951tmln@nnit.comManager - Application Securityhttps://dk.linkedin.com/in/thomas-lund-erichsen-9177062Thomas Lund Erichsen

 

 

VR Cybersecurity Traininghttps://www.nnit.com/cybersecurity/Pages/VR-Cybersecurity-Training.aspxVR Cybersecurity Training
The Fine Art of Aligning Business Strategy and Information Security Strategyhttps://www.nnit.com/OfferingsAndArticles/Pages/The-Fine-Art-of-Aligning-Business-Strategy-and-Information-Security-Strategy.aspxThe Fine Art of Aligning Business Strategy and Information Security Strategy
​​​Building a sustainable defence: How to secure your operational technology (OT) environment​https://www.nnit.com/OfferingsAndArticles/Pages/BuildingSustainableDefence.aspx​​​Building a sustainable defence: How to secure your operational technology (OT) environment​
Breach Preparednesshttps://www.nnit.com/OfferingsAndArticles/Pages/Breach Preparednes.aspxBreach Preparedness
Scaling Data Science with NNIThttps://www.nnit.com/digital-transformation-and-innovaton/Pages/Scaling-Data-Science-with-NNIT.aspxScaling Data Science with NNIT
NNIT Cybersecurity Summit 2019https://www.nnit.com/Pages/NNIT-Cybersecurity-Summit-2019.aspxNNIT Cybersecurity Summit 2019
PFA: “Data science is not an IT discipline; it is a business discipline”https://www.nnit.com/OfferingsAndArticles/Pages/PFA-Data-science-is-not-an-IT-discipline;-it-is-a-business-discipline.aspxPFA: “Data science is not an IT discipline; it is a business discipline”
Agilehttps://www.nnit.com/advisory-services/NNIT_Academy/Pages/Agile.aspxAgile
Digital Work Placehttps://www.nnit.com/advisory-services/NNIT_Academy/Pages/Digital-Work-Place.aspxDigital Work Place
Advisory & Methodologyhttps://www.nnit.com/advisory-services/NNIT_Academy/Pages/Advisory-Methodology.aspxAdvisory & Methodology