VSIP PARTNER Security Compass Partner overview
Jan 14, 2016
Visual Studio Industry Partner Security Compass
NEXT STEPS Contact us at: [email protected]
Security Compass is an industry-leading information security firm that provides professional services and training to security-conscious companies. We bring extensive, internationally recognized, cross-industry experience to every client engagement. To our clients, we're not simply an information security company - we are trusted partners in the development of secure software.
Website www.securitycompass.com
Blog labs.securitycompass.com
Twitter @securitycompass
Demos http://sdelements.com/videos/
Whitepaper http://sdelements.com/security-requirements/
Resources http://sdelements.com/media/pdf/sde-intro-deck.pdf
Expertise Security, Security Requirements, Security Testing, Secure Development Lifecycle, Requirements
Product Information
Name SD Elements
Description SD Elements is a security requirements solution. Users get tailored security, privacy and compliance requirements and corresponding test cases from a live and growing database of security threats. Requirements and test cases are imported into TFS as work items. Developers integrate security with little disruption to their development process.
Pricing & Licensing Licenses are based on the number of users in the connected TFS & any other ALM solutions. Contact Security Compass for the latest pricing.
INTEGRATION OVERVIEW
Diagram description
1. A project manager (PM) or architect models an application in SD Elements by answering a questionnaire
2. SD Elements creates a set of threats and corresponding countermeasures specific to the application
3. PM or architect sets up integration with Team Foundation Server
4. Developers work on security work items from TFS just like other work items
5. Security verifies that security requirements are followed
RESOURCES
• http://sdelements.com/features/
• http://sdelements.com/security-requirements/#!/automated-scaling
• http://sdelements.com/videos/
Case Study: image32
Title With the Help of SD Elements, image32 Enables Physicians to Deliver Better Patient Care
Summary How a small startup met HIPAA and data security requirements efficiently and cost effectively
Situation Image32 needed to build applications for uploading and viewing images in a secure cloud. Those applications needed to meet the requirements of the Health Insurance Portability and Accountability Act (HIPAA).
Benefit Application Security and regulatory compliance made easy. Now with image32, patients and physicians can safely upload medical images to a secure, cloud-based storage area from which the image can be viewed.
For more info http://sdelements.com/case-studies/image32/
Case Study: Not-For-Profit Health Plan Provider
Title Health Care Plan Provider Improves App Security and Reduces Audit Findings with SD Elements
Summary A not-for-profit, California-based health plan provider standardized its software development lifecycle process across the organization. But the application security analyst knew that more would need to be done to reduce the number of audit findings.
Situation Poor non-functional requirements process impacts application security – the health plan provider was pushing around a static 40-page Word document that outlined their non-functional requirements. It is easy to miss key security requirements while other requirements may not apply to specific projects.
Benefit More secure apps, fewer audit findings - It didn’t take long for the organization to acquire proof that Non-Functional Requirements (NFRs) are the key to reducing audit findings. “Because NFRs were baked into the process, the first application that we built from scratch, without the use of any legacy code, was the first app to get a perfect score with static analysis,” says the application security analyst. “SD Elements gave us tangible evidence that the application was secure.” With that success, the organization began devoting attention to other applications that may be more of a concern, including legacy applications and those developed by third parties.
For more info http://sdelements.com/security-requirements/#!/healthcare-insurance