Overview
With the increasing need for secure applications, organizations are having to integrate security into the way they specify, design, develop, test, and maintain their applications. Citadel provides a highly-effective multi-phase program for organizations who seek to improve the security of their applications. Our program is based upon industry-recognized standards for applications security. improved application quality A side-benefit of our rigorous program is often.
Citadel’s Unique Three -Phase Learn-by-Doing Process
Phase 1: Application Security Development — Getting Started
- Secure Application Development Introductory Workshop
- Basic Training in Secure Application Development
- Guided Capabilities Maturity Assessment Workshop
Phase 2: SDL Maturity Improvement
- Project Planning Workshop
- Weekly Project Meetings
- Project Wrap-up and Next Phase Project Planning Workshop
Phase 3: Repeat as Desired; Conclude When Done
- Weekly Project Meetings
- Project Wrap-up and Next Phase Project Planning Workshop
What You Get: Continuous Secure Application Development Improvement
- Applications meet emerging business, legal, and regulatory requirements to protect the confidentiality, integrity, and availability of sensitive information and systems. Improved application quality is often a side-benefit of our rigorous program.
- Application development team learns ‘state-of-the-practice’ secure application development based on Microsoft, OWASP, and others.
- Application development team gets practical expertise in secure application development by directly applying what it is learning about ‘state-of-the-practice’ secure application development to its own projects.
- As application development team improves security of applications, it also improves capability maturity of Secure Application Development processes.
- Application development team works at own pace, consistent with work schedules, and speed of necessary implementation.
The Citadel Difference: Citadel has extensive experience working with mid-size and smaller organizations, assisting them apply their limited information security resources in effective ways. As leaders in the Los Angeles information security community, we are adept at customizing information security management best practices to these mid-size and smaller organizations: ISO 27001-02, the NIST Framework, OWASP, CISSP, CISM, ITIL® and six-sigma as well as compliance requirements such as HIPAA HITECH, GLBA, PCI DSS, NIST 800-53, NIST 800-171, GDPR, and Breach Disclosure. Our co-founder, Dr. Stan Stahl is one of the pioneers in the field of secure application development and an early practitioner of software engineering capability maturity models.