WIBU-SYSTEMS Blog


Security Frameworks and Digital Transformation

November 11, 2020
Author: Wibu-Systems
Company: WIBU-SYSTEMS AG

The global phenomenon of digital transformation is dramatically shifting the ways businesses operate, the way they engage with customers, and the way in which they develop and deliver new products to address dynamic market shifts. One of the key enablers of digital transformation is software, which is the main reason why secure software development has attracted so much attention lately. Governments, industry organizations, and leading global corporations are racing to define best practices and deliver development and security frameworks that will enable developers to not only keep up with the changing landscape, but to deliver a new class of products and digitized processes that are safe, secure, and efficient.

Organizations like the U.S. National Institute of Standards (NIST), BSA Software Alliance, Industrial Internet Consortium, and a host of others have already published frameworks and best practice documents to help guide secure development efforts. Here is a brief overview of some of the documents that are readily available now and being updated on an ongoing basis:

  • BSA Framework for Secure Software 
    BSA | The Software Alliance has recently released The BSA Framework for Secure Software, a consolidated framework that brings together best practices in a detailed, yet holistic manner, which can guide software security experts regardless of the development environment or the purpose of the software. The framework offers an outcome-focused, standards-based risk management tool to help stakeholders in the software industry – developers, vendors, customers, policymakers, and others – communicate and evaluate security results associated with specific software products and services. Notably, Version 1.1 of the framework fully maps to the NIST “Secure Software Development Framework,” providing organizations a convenient tool to demonstrate their alignment with this NIST guidance.
  • NIST Secure Software Development Framework 
    The NIST Secure Software Development Framework (SSDF), which is modeled after the NIST Cybersecurity Framework, recommends a core set of high-level secure software development practices that can be integrated into any Software Development Lifecycle (SDLC) implementation. With the exception of the Secure Software Lifecycle (Secure SLC) standard developed by the PCI Security Standards Council, few software development lifecycle models explicitly address software security in detail. NIST drafted and shared the SSDF for comment in June 2019 and released an update in April 2020.
  • Payment Card Industry Software Security Framework 
    The Payment Card Industry (PCI) Software Security Framework (SSC) is a collection of standards and associated certification programs that demonstrate good, consistent security to protect payment data. There are two standards that have been developed as part of this framework and were published in January 2019. The SSC outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data. The Secure Software Lifecycle (Secure SLC) Standard outlines security requirements and assessment procedures for software vendors to validate how they properly manage the security of payment software throughout the entire software lifecycle.
  • Building Security In Maturity Model 
    The Building Security In Maturity Model (BSIMM) is a multi-year study of real-world software security initiatives (SSIs), organized to allow developers to determine where they stand with their own software security initiative and how to evolve those efforts over time. BSIMM provides guidance for secure operations (such as penetration testing, software configuration, configuration management, and vulnerability management) during deployment. By quantifying the practices of many different organizations, the BSIMM authors can describe the common ground shared by many as well as the variations that make each unique. Because these initiatives use different methodologies and different terminology, the BSIMM requires a framework that can describe any initiative in a uniform way. The software security framework (SSF) and activity descriptions provide a common vocabulary for explaining the salient elements of an SSI, thereby allowing developers to compare initiatives that use different terms, operate at different scales, exist in different parts of the organizational chart, operate in different vertical markets, or create different work products.
  • Industrial Internet Consortium Industrial Internet Security Framework 
    The evolution of the Internet of Things includes the emergence of smart electrical grids, connected healthcare devices and hospitals, intelligent transportation, smart factories, and other cyber-physical systems. This collection of objects, devices, and sensors connected via software solutions continues to grow into the billions. As a result, enterprises large and small are at risk of being attacked from unexpected sources both inside and outside the system, whether intended or accidental. This exposure represents a major threat to world safety and security. The Industrial Internet Consortium (IIC) believes that addressing this challenge is critical to the success of the Industrial IoT, Industrie 4.0, and the Industrial Internet revolution. To that end, IIC members have developed a common Industrial Internet Security Framework (IISF) and an approach to assess cybersecurity in IIoT systems.

If you are involved in developing products and processes that support digital transformation, or just on the periphery, it is a good plan of action to stay aware of these standardization efforts and make software security an integral part of your development and commercialization routine.
