In Brief
SC&A: How MassMutual Builds Secure Applications
By Lauren Gibbons Paul
February 01, 2005 — CSO
MassMutual's SC&A (security certification and accreditation) process:
1. An IT person sends a request for an IT building permit to the information security department. An infosec "consultant" goes through a short triage, and either sends the project for more evaluation or gives it a green light if the security risk is minimal.
2. The assigned consultant helps the project manager with a more detailed security questionnaire. The answers help the security consultant categorize the project as high-, medium- or low-risk.
3. The consultant continues to meet with the IT project team during development or vendor selection, checking the work against documented in-house security policies.
4. After basic system testing, the project applies for a certificate of occupancy, then heads into the quality assurance phase of testing.
5. After Q/A, the CISO signs the certificate of occupancy, and the application or system is placed in the production environment.



