CISO’s Guide to Sensitive Data Protection
An application security viewpoint
Emerging data protection and privacy laws are causing organizations to scramble to implement strategies that address regulatory compliance and data security governance. And the SolarWinds software supply chain attack, in which attackers inserted a malicious back door into its network software release that later led to sensitive data exposure, further underscores the need to secure the DevSecOps processes and software supply chain.
Download the white paper today
Read this white paper to learn about:
- Key global data privacy laws and data security standards
- Major cyber security and privacy frameworks and application security standards including OWASP Top 10, CWE Top 25, and CISQ
- The steps required for creating a data security strategy, including data discovery, identifying data sensitivity level, setting access policies, and defining dataset management workflows
- Security best practices such as threat modeling, penetration testing, secrets management, and holistic systems security engineering
- AppSec tools including static application security testing, interactive application security testing, dynamic application security testing, and software composition analysis, which can alert developers about secrets, sensitive data (credit card numbers, SSNs), and back doors in source code, binary files (supply chain software), logs, databases, and files
- An Intelligent Orchestration solution that lets you create your own customized continuous integration/continuous delivery pipeline in the cloud that automatically performs the right security tests at the right time, based on user-defined policies, risk profiles, and severity/context-specific code changes
