News from February, 2010

Join Us at the RSA 2010 Conference

RSA 2010 Conference

March 1-3

Moscone Center

San Francisco, CA

Join Safelight at Booth #2058 to see the latest in information security training, including our newest online learning programs. Attend our customer presentation, "Banking on Security Education," with State Street Bank's Vice President Jeff Richard, followed by a cocktail reception from 6:00 to 8:00 p.m. at The St. Regis Hotel, to hear how this leading financial institution rolled out a comprehensive security training program for thousands of developers worldwide. You must register for this event in advance in order to attend.

Information Security Training Lacking

Two out of three IT security professionals say the risk of data or systems breaches is related to a lack of training.

IT security professionals ranked the threat of a data breach, with the resulting damage to their company's brand and loss of customer loyalty and sales, as the top business driver for information security training. Surprisingly, though, the majority of companies do not have formal training programs to educate staff, according to Safelight Security Advisors' survey. Two out of three companies directly link data or systems breaches, or the risk of them, to a lack of security training at their organizations.

Yet the state of security training is fairly bleak even where information security programs are in place. Only half of the companies that rate themselves a low risk for a data or systems breach say their information security policies are effective at helping to prevent one. Often, security training courses are available but not required for those on the front lines of information security: a company's IT and development staff.

In this survey, 60 IT security decision makers from a range of industries were asked how their companies are integrating people into their information security strategies and which practices are most effective. They were asked to estimate their current risk for a data or systems breach and were categorized as either a low-risk or a high-risk company. A data or systems breach was defined as ranging from the accidental loss of control over sensitive data to the malicious theft of data by insiders or external threats. They also responded to questions about the effectiveness of their organization's security programs in the people, process and technology areas, the security awareness of their management teams, and the effectiveness of training for IT and non-IT staff as well as IT and non-IT vendors and contractors.

You can download the complete report on the study. In today's tough economic climate, where expensive technology investments may be temporarily on hold, smaller, incremental investments may return significant reductions in risk: training personnel on security awareness and compliance, and establishing processes for ongoing security risk assessment, security procedure definition and implementation, and compliance tracking.

Webcast: “New Technology Wearing Hand-Me-Down Vulns”

Safelight's CEO Rob Cheyne will present a webcast for the Microsoft SDL Pro Network community on "New Technology Wearing Hand-Me-Down Vulns," February 25, 2010 from 1:00-1:30 p.m. EST.

Using a web service as an example, Rob will demonstrate how classic vulnerabilities can crop up in new technologies and how applying SDL principles can help build secure systems. Register for the Webcast.

Safelight Named Member of Microsoft SDL Pro Network

At Black Hat DC 2010, Safelight Security Advisors became a training member of Microsoft's Security Development Lifecycle (SDL) Pro Network. Microsoft created the SDL Pro Network to help development organizations adopt the SDL and address the challenges of embedding security and privacy into their software and their development culture. As one of seven new members, and the only training company selected in the latest group, Safelight joins a select network of industry leaders specializing in application security with significant experience in secure development lifecycle methodologies.

"Microsoft is happy to have Safelight join the SDL Pro Network. We believe training is a cornerstone to the SDL and Safelight can help train developers on secure coding practices," said David Ladd, Principal Security Program Manager, Microsoft's Trustworthy Computing Group.

As part of the SDL Pro Network, Safelight looks forward to continuing its mission of training students in a disciplined process that is proven to reduce vulnerabilities and lower the total cost of development. Safelight's instructor-led and online learning programs help companies incorporate security best practices into their development initiatives, offering security education courses that cover all phases of the SDL:

  • Introduction to the Microsoft Security Development Lifecycle (SDL)
  • Application Security Fundamentals
  • Architecting Secure Systems
  • Language-Specific & Language-Agnostic Secure Coding
  • Testing for Secure Systems
  • Managing an SDL (for project managers and team leaders)
  • Risks of Insecure Applications (for business owners and executives)
Visit Safelight’s SDL Pro Network page at http://securityadvisors.com/sdl to learn more about our offerings.

Read Microsoft’s announcement on the new SDL Pro Network members in their press room.