Proactive Lifecycle Security Management (OWASP)

In this video the  author  Rick Ensenbach  talks about proactive lifecycle security management.He starts by presenting some statistics on how cyber crime has impacted the current IT sector .Using these stats he shows how a security bug can lead to major losses if  it is let out .He discusses on a process called security authorization that ensures that the people understand security and accept damages since it was their  own fault . He then tells why it is necessary.  He then discusses the key process players in this process and their duties thereby telling the difference between authorization,system and data owner. He then discusses the  advantages of this process and how it helps in savings and standardization.  He categorizes the security system into various processes like monitoring,authorization and reauthorization.He talks about preparation phase in which u create boundaries  and helps us build a security authorization  system for the entire  network.He then discusses these various steps involved in the preparation phase in detail . He then gives a brief idea about the system security plan.In preparation phase we implement security controls  In authorization phase , he tells us how the authorization information system works.The authorization package goes to authorization official  who signs it .It goes to continuous monitoring phase after it is approved which tracks the security state on a continuous basis and ensure that the  controls are operating. He then tells about the two  types of reauthorization  time driven and event driven. He then discusses on how it could be made much easier by continuous monitoring .He finally tells us to consider the value of this process while developing a system.He then winds up the discussion  by giving various references . The presentation ends with a simple Q and A session and the different points to remember in a proactive lifecycle security management.

Prateek Gianchandani , 20 is a student dedicated to the field of network security . He has organized a number of workshops and hacking events in his college. Learning more and more about network security always keeps him busy . His favourite passtimes include listening to music,reading novels, playing snooker etc.  He is currently doing B-tech in electrical engineering from the prestigious Indian Institute of technology ,Roorkee. u can contact him at prateek_gian [-at*] yahoo.co..in