WIBU-SYSTEMS

Perfection in Protection, Licensing, and Security

Security Frameworks and Digital Transformation

Marketing, WIBU-SYSTEMS AG, on November 11, 2020 at 4:05 PM

The global phenomenon of digital transformation is dramatically shifting the ways businesses operate, the way they engage with customers, and the way in which they develop and deliver new products to address dynamic market shifts. One of the key enablers of digital transformation is software, which is the main reason why secure software development has attracted so much attention lately. Governments, industry organizations, and leading global corporations are racing to define best practices and deliver development and security frameworks that will enable developers to not only keep up with the changing landscape, but to deliver a new class of products and digitized processes that are safe, secure, and efficient.

Organizations like the U.S. National Institute of Standards and Technology (NIST), BSA Software Alliance, Industrial Internet Consortium, and a host of others have already published frameworks and best practice documents to help guide secure development efforts. Here is a brief overview of some of the documents that are readily available now and are being updated on an ongoing basis:

  • BSA Framework for Secure Software 
    BSA | The Software Alliance has recently released The BSA Framework for Secure Software, a consolidated framework that brings together best practices in a detailed, yet holistic manner, which can guide software security experts regardless of the development environment or the purpose of the software. The framework offers an outcome-focused, standards-based risk management tool to help stakeholders in the software industry – developers, vendors, customers, policymakers, and others – communicate and evaluate security results associated with specific software products and services. Notably, Version 1.1 of the framework fully maps to the NIST “Secure Software Development Framework,” providing organizations a convenient tool to demonstrate their alignment with this NIST guidance.
  • NIST Secure Software Development Framework 
    The NIST Secure Software Development Framework (SSDF), which is modeled after the NIST Cybersecurity Framework, recommends a core set of high-level secure software development practices that can be integrated within each Software Development Lifecycle (SDLC) implementation. With the exception of the Secure Software Lifecycle (Secure SLC) standard developed by the PCI Security Standards Council, few software development lifecycle models explicitly address software security in detail. NIST drafted and shared the SSDF for comment in June 2019 and released an update in April 2020.
  • Payment Card Industry Software Security Framework 
    The Payment Card Industry (PCI) Software Security Framework (SSC) is a collection of standards and associated certification programs that demonstrate good, consistent security to protect payment data. There are two standards that have been developed as part of this framework and were published in January 2019. The SSC outlines security requirements and assessment procedures to help ensure payment software adequately protects the integrity and confidentiality of payment transactions and data. The Secure Software Lifecycle (Secure SLC) Standard outlines security requirements and assessment procedures for software vendors to validate how they properly manage the security of payment software throughout the entire software lifecycle.
  • Building Security In Maturity Model 
    The Building Security In Maturity Model (BSIMM) is a multi-year study of real-world software security initiatives (SSIs), organized to allow developers to determine where they stand with their software security initiative and how to evolve those efforts over time. BSIMM provides guidance for secure operations (such as penetration testing, software configuration, configuration management, and vulnerability management) during deployment. By quantifying the practices of many different organizations, the BSIMM can describe the common ground shared by many as well as the variations that make each unique. Because these initiatives use different methodologies and different terminology, the BSIMM requires a framework that can describe any initiative in a uniform way. The software security framework (SSF) and activity descriptions provide a common vocabulary for explaining the salient elements of an SSI, thereby allowing developers to compare initiatives that use different terms, operate at different scales, exist in different parts of the organizational chart, operate in different vertical markets, or create different work products.
  • Industrial Internet Consortium Industrial Internet Security Framework 
    The evolution of the Internet of Things includes the emergence of smart electrical grids, connected healthcare devices and hospitals, intelligent transportation, smart factories, and other cyber-physical systems. This collection of objects, devices, and sensors connected via software solutions continues to grow into the billions. As a result, enterprises large and small are at risk of being attacked from unexpected sources both inside and outside the system, whether the harm is intended or accidental. This risk represents a major threat to world safety and security. The Industrial Internet Consortium (IIC) believes that addressing this challenge is critical to the success of the Industrial IoT, Industrie 4.0, and the Industrial Internet revolution. To that end, IIC members have developed a common Industrial Internet Security Framework (IISF) and an approach to assess cybersecurity in IIoT systems.

If you are involved in developing products and processes that support digital transformation, or just on the periphery, it is a good plan of action to stay aware of these standardization efforts and make software security an integral part of your development and commercialization routine.
