Secure Application Lifecycle: Secure SDLC Services
Our S-SDLC Services
© 2015
infoedgellc.com
iGRC: Secure SDLC services
Information Governance, Risk and Compliance (iGRC): securely managing information risk, ensuring stable governance processes and aligning with regulatory mandates

Assessment
• Overcome secure software lifecycle impediments
• Assess S-SDLC maturity
• Identify S-SDLC value proposition

Advisory
• Develop S-SDLC roadmap
• Prepare S-SDLC investment business case
• Create new S-SDLC organizational capabilities, services, and offerings

Operationalization
• Drive broad organizational and program change
• Orchestrate effective socialization and awareness campaigns
• Accelerate S-SDLC program, capability, and/or service implementation

Assurance
• Embed smart governance to proactively monitor and manage program effectiveness
• Manage S-SDLC risk by leveraging key leading indicators and customized reporting
Secure SDLC: Assessment services
Infoedge works with our clients to understand their existing capabilities across the S-SDLC and identify opportunities for focused improvement and capability development. Applying industry best practices, including the Microsoft SDL framework, our consultants perform the following types of assessment activities:

• Identify the S-SDLC value proposition across the organization
• Discover secure software lifecycle impediments
• Assess organizational S-SDLC maturity
• Analyze S-SDLC domain capabilities
• Review application security policies, standards, and controls
• Investigate S-SDLC process flows and review release / development methodologies (e.g. Agile, Waterfall)
• Validate the effectiveness of existing application security activities (e.g. threat modeling, penetration testing, static or dynamic testing)
Secure SDLC: Advisory services
Infoedge works with our clients to understand their existing capabilities across the S-SDLC and identify opportunities for focused improvement and capability development. Applying industry best practices, including the Microsoft SDL framework, our consultants perform the following types of advisory activities:

• Develop multi-year S-SDLC roadmap and implementation strategy
• Identify program mission, vision, goals and objectives
• Define S-SDLC control objectives, controls, and standards
• Develop RACI-based S-SDLC control processes and procedures
• Recommend organizational functional and staffing plans
• Conduct stakeholder analysis and obtain near real-time feedback through Voice of the Customer (VoC) sessions
• Determine the operating model to engage business units, partners, and other key stakeholders
• Co-create new S-SDLC organizational services and offerings supported by a service hierarchy, catalog(s), and playbook(s)
Secure SDLC: Operationalization services
Infoedge works with our clients to understand their existing capabilities across the S-SDLC and identify opportunities for focused improvement and capability development. Applying industry best practices, including the Microsoft SDL framework, our consultants perform the following types of operationalization activities:

• Provide initial and on-going project management support to influence and drive organizational and program change
• Orchestrate and deliver broad awareness campaigns through effective communication of the value of the S-SDLC services
• Provide integrated executive, senior management, line of business and other stakeholder communications
• Develop RACI-based S-SDLC capability implementation guidance and deliver S-SDLC capability training programs
• Engage with key business units, partners and stakeholders to realize new service implementation at all levels
• Co-evolve S-SDLC service delivery capabilities over time
Secure SDLC: Assurance services
Infoedge works with our clients to understand their existing capabilities across the S-SDLC and identify opportunities for focused improvement and capability development. Applying industry best practices, including the Microsoft SDL framework, our consultants perform the following types of assurance activities:

• Identify critical business drivers supported by the S-SDLC program and determine leading KPIs and KRIs of interest
• Attach clear business outcomes to S-SDLC risk measures (e.g. % of incidents where customer data was at risk due to non-compliance of specific application development vendors)
• Develop a robust reporting framework by understanding the information needs of key stakeholder groups and individuals
• Develop an operational approach for collecting and "rolling up" key metrics across the S-SDLC program
• Design and implement an approach for sourcing, confirming, and articulating key leading metrics and embedding smart S-SDLC program governance into existing approaches
What we do

Practice Areas
• Information Business Enablement (iBE): aligning client information lifecycle, strategy, processes and objectives to drive value in key areas
• Information Solution Excellence (iSE): harnessing skillset and industry experience to drive client success in implementing information solutions
• Information Technology Excellence (iTE): taking a cross-portfolio view to optimize the value of information technology
• Information Governance, Risk and Compliance (iGRC): managing information risk, ensuring stable governance processes and aligning with regulatory mandates

Industry Verticals
• Healthcare
• Financial Services

Sample Services
Service categories: Customers, Operations, Products & Services, Innovation, Finance

Customers
• Customer information model development
• Customer behavior and preference information analytics
• Customer behavior and outcomes strategy and implementation
• IT service management strategies, roadmaps and implementation
• Payment solutions and strategy
• Customer payment portals
• Digital customer engagement strategy
• Medicare and Medicaid financial counseling strategy

Operations
• Secure Software Development
• Ecosystem information exchange model and strategy
• Knowledge and information worker strategy and implementation
• IT portfolio optimization and rationalization
• New IT service development and existing solution enhancement and standardization
• Cloud migration and Software as a Service utilization
• Information and data governance, strategy and implementation
• Controls assessment

Innovation
• Information reconnaissance and investigations
• Information-driven innovation strategy design
• Information-driven change and adoption
• Technology design and implementation
• Service and culture transformation

Finance
• Finance information strategy and enablement
• Information-driven financial process acceleration
• Financial information transparency
• Spend evaluation and cost reduction strategy
• Demand management and chargeback/accountability model
• Service management investment plans (business cases)
• Risk assessment process and risk management framework design and implementation
• Regulatory compliance strategy and implementation