The Cloud Security Alliance DevSecOps working group (WG) issued high-level guidance in Cloud Security Alliance, Information Security Management through Reflexive Security: Six Pillars in the Integration of Security, Development, and Operations [1] on a new approach to application security called “Reflexive Security.” The six pillars are considered to be the critical focus areas for any organization interested in implementing Reflexive Security or DevSecOps.
One of the pillars is “Pillar 2: Collaboration and Integration,” which can be summarized as “Security can only be achieved through collaboration, not confrontation.” Security is a team sport that requires collaboration across the board between various organizational roles, including business leaders, domain experts, security personnel, architects, software developers, pentesters, SOC analysts, and product/project managers. Collaboration between key stakeholders and the various organizational roles is required to ensure that the threat landscape relevant to the business sector is well understood, and that the organizational practices for IT activities, including the software development lifecycle, follow proper security hygiene. The stakeholders also need to collaborate to make sure the organization supports continuous role-based security training. Security champions have to work with other teams in the organization to ensure that security practices are well documented and communicated regularly across the organization. Leadership and the security teams need to collaborate to ensure that business continuity risks factor in the relevant cyber risks and that the business has appropriate cyber incident response strategies in place.