Corporate Cybersecurity - John Jackson - Page 39
2.4 Important Questions
It’s crucial to keep in mind that the answers to some of the questions covered in this section may be trivial. If they are already known, that’s absolutely fantastic! When the answers are not known, future program managers may be able to find out without disrupting the team or space. Managers should make an effort to be cordial and responsive to concerns or pushback. It’s always better to know than to assume: operating in a presumptuous way can open the door to security issues or ineffective vulnerability management processes. In reality, the questions that follow are to be used as a baseline and not as a full representation of an enterprise risk management guide.
During the process of identifying risk, application security managers will find that many other questions arise – that’s great! Ask them! Operating in a way that creates a dialogue between the various teams and application security is a great first step toward building rapport and trust. Maintaining trust is an essential part of securing the organization, as it is impossible to remediate vulnerabilities if other teams do not trust the remediation techniques that the application security team will put in place. While it may not initially be possible to understand how every single team works together, application security is most effective when an application security manager can envision enterprise security at the macro level. In addition, application security managers should avoid siloing themselves off and becoming “unreachable.” The resolution of vulnerabilities can occur twice as fast if managers know the other major players and innovators within the organization. Here are some questions that can be asked, with explanations of why these questions should be answered.