Posts

Management Sea Change: AI Autonomous Programmers Are Here Now

This past week a seismic shift has taken place in computer science: Cognition AI introduced Devin, the world's first fully autonomous AI software engineer. From a single prompt, Devin is able to plan, research APIs, design, code, test, remediate, and deploy software solutions independently. It is able to actively collaborate with users during software development by providing real-time progress updates, accepting feedback, and working together to make design choices. Products that would take human developers many hours to deliver can be done in mere minutes. [Video, Forbes, AI Business, Infoworld] For organizations, the speed and efficiency improvements of employing software engineering AI agents will be critical for maintaining international market competitiveness and accelerating new strategic digital opportunities. And to do so, organizations will need product software engineering managers who are able to effectively leverage and manage new software engineering AI agents....

New Year Resolution: Software Development Application Security Strategic Prioritization, SSDF Top 10

Implementing security and regulatory compliance SSDF practices into an efficient Software Development Life Cycle (SSDL) can be quite daunting due to the scope of practices and tooling required. Just as "Rome wasn't built in a day," security implementation and improvement plans need to be prioritized based on highest business risk and the most cost-effective "bang for the buck" improvement investments. While it might be tempting to try addressing all of the below at once, or even to cherry-pick through the list, they each have success dependencies on each other that are needed to achieve effective execution: Document, Assess, Improve, Adjust, Repeat. 1. "Be Prepared" for today's advanced ransomware attack threats. "Being prepared" is about everyone knowing who is responsible for security risk and incident responses, identifying the actions required by each responsible stakeholder, setting realistic and appropriate response timelines needed to sup...

Terminology: AppSec, DevSecOps, CloudSec, ProdSec … What’s the Diff?

Clarification of commonly used software development security terms. Computer technology is a broad field that easily gets confused through the use of acronyms and new product market positioning terms. Inconsistent understanding and use of these terms amongst practitioners and organizations can cause confusion and inefficiencies when communicating the scope and objectives of collaborative efforts. The following is a quick reference to help clarify the most commonly used and confused terminology regarding software development security. Terms: Computer Security / Cybersecurity / Digital Security / Information Technology Security (IT Security): the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide. As such, these are the broadest all-encompassing terms having to do with a...

Management Practices for Flexible and Remote Working

SUMMARY: To competitively attract and retain talent, organizations need to provide staff with work location and schedule flexibility options. To incentivize workers into the office, offer a 35-hour work week benefit. To address remote working timesheet fraud and abuse management concerns, implement computer activity and video supervisory spot-checking capability. To address socialization and networking needs, ensure new online and in-person programs for geographically distributed teams. PROBLEM: Post-Covid office workers want improved personal-life/work balance through flexible working hours (e.g. childcare, after-school activities, 4x10hr weeks, multiple employment, etc.), remote working from home, and eliminating personal commuting time, costs, and environmental impacts. Some are abusing remote working (multiple simultaneous employment, side gigs, quiet quitting, unapproved paid absence) and committing fraudulent employment (unauthorized subcontractor work). Employers are unsure how to...