The IMF and Aspect Security (now part of EY) created a risk-based assurance process to build the IMF’s application security program from the ground up. Presenters will share experiences in scaling from the occasional review of a few applications to providing assurance across our portfolio of applications. The session will discuss how to provide targeted training, tailored design guidance and risk-based assessment activities.
Learning Objectives: 1: Understand the value of risk-based assessments. 2: Understand how to vary the rigor of security activities based on risk. 3: Understand the value of tailored security design guidance.