Secured SDLC Services

Applications are the greatest source of security risk to an organization’s information infrastructure, with 75% of vulnerabilities originating at the application layer.

Organizations are now familiar with the OWASP top 10 and are looking for ways to tie security requirements to the development lifecycle, addressing security requirements at an early stage of application development, rather than bolting on security fixes once applications are in production.

Integral Business Solutions has developed a Secure Software Development Methodology (SSDLC) that can be applied to enable organizations to better manage the risk of application security vulnerabilities.

This methodology is called Integral’s Secure Agile Methodology (ISAM ™) and was created by Integral Business Solutions as a formulation of "leading practices" in Secured Software Development Lifecycle (SSDLC) activities, regulatory compliance, and business policy and procedure definition.

ISAM ™ adheres to the principles of the ISO 17799:2005 Information Security Management Standard developed by the International Organization for Standardization

 

 

 

 

The Integral Secure Agile Methodology (ISAM) ™ is a collection of practices organized in a phased approach that provide the basis for an organization to ensure regulatory compliance, information security, and adherence to policy standards.

 

 

 

 

 

Integral’s Secure Agile Methodology is leveraged trough the following services:

• Architecture Assessment
• Vulnerability Assessment
• Component Assessment
• Code Assessment
• Compliancy Assessment
• Risk Analysis
• Remediation Analysis and Roadmap
• Application Integration (AAA, Directory) Secure Application Development
• Secured SDLC Leading Practices

Our Value

Integral can lead your organization through the steps to securing the SDLC process, increase utilization of current methodologies and process in place, develop ROI metrics, and help you manage risk and close the communication gap between Security and Application Development teams through frameworks to ensure that effective information security measures are taken at strategic, tactical, and operational levels.

Implementing a Secure Software Development Life Cycle (SSDLC) lowers security risk and is part of a total Defense in Depth strategy. This white paper details the development of our own Secured SDLC process through our work on business applications for the US Air Force.