Implementing a Secure Development Lifecycle (SDL) is a complex and challenging transformation for any organization. GDS has experience both in managing the planning, development and implementation of an SDL where one does not already exist, and in providing advice and consulting on the improvement of SDL practices that are already in place.
Any Secure Development Lifecycle implementation will represent a program of change for an organization, with changes to technology, technical and business processes, and practices. GDS has extensive experience in management of business change in these areas, and will design, in conjunction with stakeholders, an implementation approach tailored to that particular organization. Key practices, such as designing change to be able to demonstrate measurable progress at each phase of implementation, allow GDS to help organizations put in place business-as-usual capabilities and practices that are used and measurable.
Examples of the areas where GDS can assist with SDL Transformation include:
SDL Project Management
GDS combines information security professionals experienced in the PRINCE2 (PRojects In Controlled Environments) approach for project management with extensive familiarity with managing the design and integration of SDL processes and technologies. Combined with our experience in leading business change in development and information security teams, GDS is an excellent choice to manage your SDL deployment or rollout.
Secure Process Review
Often the first step in implementing a Secure Development Lifecycle (SDL) is gaining an understanding of the current state of an organization, determining the level of maturity in the consideration of security at different stages of development, and allowing us to compare and contrast the organization against its peers in its industry and region. This process provides a valuable input into the process of developing an organization's strategic roadmap of future change. Examples of the areas where GDS can assist with Secure Process Review include:
Using leading industry models such as OpenSAMM (Open Software Assurance Maturity Model), GDS will provide an analysis of the current maturity of the organization's consideration of security during development. This can provide a valuable insight into complementary activities occurring at different parts of the organization, as well as highlighting areas of excellence and areas requiring especial attention. When compared to accepted practice in that industry and region, this process can provide valuable insight into where an organization may need to consider how they are addressing certain risks in contrast to approaches adopted by their peers.
Building on a Maturity Review, GDS can assist in the development of the organization's strategic roadmap for secure development improvement. The strategic roadmap will generally outline the planned improvements in capability to be developed and implemented over a period of months or years, providing a framework for planning and measurement of related activity in disparate parts of the organization.
In addition to SDL Transformation, GDS offers the following related services:
- Threat Modeling
- Security Design and Architecture
- Secure Development Training
- Staff Augmentation
- SDL Tools Integration