The IMF and Aspect Security (now part of EY) created a risk-based assurance process to build the IMF’s application security program from the ground up. Presenters will share experiences in scaling from the occasional review of a few applications to providing assurance across our portfolio of applications. The session will discuss how to provide targeted training, tailored design guidance and risk-based assessment activities.
1: Understand the value of risk-based assessments.
2: Understand how to vary the rigor of security activities based on risk.
3: Understand the value of tailored security design guidance.