In continued support of our mission to cultivate a cybersecurity renaissance that will improve the resiliency of our nation’s 16 critical infrastructure sectors, defend our democratic institutions, and empower generations of cybersecurity leaders, ICIT asked some of the brightest minds in national security, cybersecurity, and technology to author essays communicating their perspective. Our goal is to share their knowledge and insights with our community to shed light on solutions to the technology, policy, and human challenges facing the cybersecurity community. Our hope is that their words will motivate, educate, and inspire you to take on the challenges facing your organizations.
ICIT Fellow Perspective Essay Authored by Darren Death:
Developing secure code for business applications is critically important. Without it, companies cannot defend against the exploitation of their software vulnerabilities, leaving businesses open to attackers and the subsequent disruption of organizational stability. By reducing the total attack surface across an enterprise’s digital inventory, an organization is effectively making it more difficult for malicious actors to retrieve sensitive organizational assets. To do so, cybersecurity requirements, principles, and tools need to be a top priority across the SDLC for applications. Developers can do this by implementing cybersecurity best practices, and static and dynamic code analysis.
For a new software project to be implemented successfully, the cybersecurity and software development teams must be well integrated, guaranteeing that cybersecurity requirements are communicated, implemented, and deployed. An organization’s leadership must be fully engaged to guard against the risk of insecurely developed software applications, including reminding all employees that cybersecurity requirements are, in fact, business requirements supported by the uppermost leaders of the organization.
In this ICIT Fellow Perspective essay, Darren Death (ICIT Fellow) details:
- Cybersecurity and Application Development Integration
- Application Development Cybersecurity Tools
- Application Host Server Cybersecurity Tools
- Managing Discovered Application and Host Vulnerabilities
- Authentication Considerations for Applications
- Application Security Management Considerations