
Managing Software Security Risk: Streamlining AppSec Policy

Managing Software Security Risk: Streamlining AppSec Policy Definition and Implementation

Organizations often struggle to define security policies. Policy is a highly critical component that drives security programs, yet defining, creating and implementing it with the support of other organizational departments is an incredibly sophisticated process.

As close to 90% of attacks today originate through software applications, it's essential for companies to bridge the security/development gap and prioritize application security from the ground up.

This presentation will provide some insight on defining AppSec policies, highlighting the differences from InfoSec policy, the attributes of effective policy and how to make policies actionable. It will articulate the best ways to use these policies, including mapping to compliance requirements and organizing new processes around policy implementation.


Tom Bain is the Director of Product Marketing for Security Innovation. Tom has nearly twelve years of experience in the IT Security and Marketing industries, having worked with multiple IT Security and technology brands.

Tom has a breadth of writing experience ranging from authoring industry white papers to product data sheets. He regularly presents on industry webinars at Security Innovation and for partners including Rapid7 and Wombat Security. He has been responsible for authoring copy with impact to target specific titles within an organization or industry as part of demand generation for companies he’s worked for. He’s also ghost-written multiple articles for executives for publications including Network World, SC Magazine, ThreatPost, Network Security, InfoSecurity Magazine, Computer Technology Review, ComplianceWeek, SearchSecurity, SearchCompliance, eWeek, Dashboard Insight and Dark Reading.


  • ray d.

    Thanks Ryan... Great for us brave few who could make it. Fun meeting at John Barleycorn after.

    April 19, 2013

  • Ryan B.

    Thanks to those who braved the weather to make it out last night. Good turnout!

    April 19, 2013

  • David A.

    Sorry, I have a family emergency so can't make it. Will be at the next one though.

    April 18, 2013

  • Lou D.

    The flood has changed my plans.

    April 18, 2013

  • A former member

    reviewed during OWASP

    April 18, 2013

  • Bob C.

    Scheduling conflict

    April 17, 2013

35 went

Our Sponsors

  • Workbridge

    Free beer and pizza and a place to meet in The Loop
