NEW YORK – September 22, 2015 – As the information explosion continues, applications are proliferating and becoming increasingly diverse – moving from mainframes and servers to clouds, smartphones, wearables and other devices. In an effort to better prepare organizations for the risks associated with applications, the Information Security Forum (ISF) today announced the launch of Application Security – Bringing Order to Chaos, the organization's latest report, which describes how application risk is increasing and why managing risk is critical, given the impacts organizations are experiencing and their reliance on applications.
From their earliest days, applications provided automation and efficiency, helping organizations run business processes and back office functions quickly, inexpensively and to scale. But today, the ability to create applications, once exclusive to vendors and in-house programmers, has become routine. Applications are increasingly vital to mission-critical product and service delivery in all sectors, such as running manufacturing lines, checking passports at the border, executing financial transactions and distributing energy. But, despite their best intentions, many organizations are failing to apply good practice consistently across the application life cycle, leaving gaps that expose the organization to risk.
“Modern applications are written in multiple languages and run on myriad devices. They can be obtained in minutes with a credit card – then loaded with sensitive business information, often bypassing good security, governance and procurement practices,” said Steve Durbin, Managing Director, ISF. “Organizations no longer have the luxury of managing a handful of applications. Today’s portfolios contain thousands of diverse applications that complicate lines of responsibility and introduce unknown risk.”
Chief Information Security Officers (CISOs) acknowledge the need to address application risk, yet many are not doing so. Moving forward, organizations of all sizes must identify and resolve the organizational barriers that impede application risk management. Application Security – Bringing Order to Chaos equips ISF Members to improve governance and risk management across the application life cycle. It does this by:
- Articulating the magnitude of application risk
- Providing practical guidance on how organizations can overcome operational barriers with clear governance, better communications, the right skills and actions to address immediate risk
- Setting out an approach that incrementally improves application risk management and embeds good practice across application portfolios
“Best practice guidelines to reduce the risk of attacks are available, and they work,” continued Durbin. “But, application risk needs to be governed effectively; otherwise good practice will be applied inconsistently across the application life cycle, leaving risk unmanaged. Organizations that do not secure their applications will continue to present themselves as easy targets, thus leaving them open to certain reputational damage and financial loss.”
The ISF Application Security Framework is essential to the ISF approach to addressing application risk and has been developed to help organizations improve security at all stages of the application life cycle. The framework is a structured, comprehensive set of twenty-seven best practice guidelines, derived from leading practice, expert input, reputable standards and other guidance. It is supported by an iterative approach for use by ISF Members to address immediate risk and incrementally improve information security across their application portfolios. For more information, please visit the ISF website.