ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 35

CONTROL 16 - Application Software Security

Manage the security life cycle of in-house developed, hosted, or acquired software to prevent, detect, and remediate security weaknesses before they can impact the enterprise.

Why Is This CIS Control Critical?

Applications provide a human-friendly interface to allow users to access and manage data in a way that is aligned to business functions. They also minimise the need for users to deal directly with complex (and potentially error-prone) system functions, like logging into a database to insert or modify files. Enterprises use applications to manage their most sensitive data and control access to system resources. Therefore, an attacker can use the application itself to compromise the data, instead of an elaborate network and system hacking sequence that attempts to bypass network security controls and sensors. This is why protecting user credentials (specifically application credentials) defined in CIS Control 6 is so important.

THE SAFEGUARDS

Safeguards Total: 14
IG1: 0/14
IG2: 11/14
IG3: 14/14

Number  Title                                                                           Asset Type    Security Function
16.1    Establish and Maintain a Secure Application Development Process                 Applications  Protect
16.2    Establish and Maintain a Process to Accept and Address Software Vulnerabilities Applications  Protect
16.3    Perform Root Cause Analysis on Security Vulnerabilities                         Applications  Protect
16.4    Establish and Manage an Inventory of Third-Party Software Components            Applications  Protect
16.5    Use Up-to-Date and Trusted Third-Party Software Components                      Applications  Protect
16.6    Establish and Maintain a Severity Rating System and Process for Application Vulnerabilities  Applications  Protect
16.7    Use Standard Hardening Configuration Templates for Application Infrastructure   Applications  Protect
16.8    Separate Production and Non-Production Systems                                  Applications  Protect
16.9    Train Developers in Application Security Concepts and Secure Coding             Applications  Protect
16.10   Apply Secure Design Principles in Application Architectures                     Applications  Protect
16.11   Leverage Vetted Modules or Services for Application Security Components         Applications  Protect
16.12   Implement Code-Level Security Checks                                            Applications  Protect
16.13   Conduct Application Penetration Testing                                         Applications  Protect
16.14   Conduct Threat Modeling                                                         Applications  Protect
Did You Know?

Small businesses are not investing enough in cyber security: 62% don't regularly upgrade or update their software solutions. We can work with you to develop an IT budget and plan that fits your business and requirements, so there are no hidden surprises.