Software Risk Management

Whether you have well-established risk management practices, or you are just getting started, Cigital can add value quickly and efficiently to help assess and enhance the state and confidence of your software risk management program along three dimensions: People, Process and Solutions.

Cigital's approach helps to assess risk, manage cost and control quality of software and data from vendors; measure effectiveness of the people, processes, and supporting frameworks in the software supply chain; and helps to find and govern the risks to you, your business, and your organization.

Our services are pre-packaged or customizable based on client needs, and service delivery can be provided by project, staff augmentation or in a co/outsourced capacity. We classify our offerings into Assessment Services—what is the current confidence and what is the desired confidence, and Enhancement Services—how to get to the desired confidence.

Examples of our services include:

• Soup-to-nuts software supply chain, including automation, functional and security testing
• Static code analysis tools evaluation, selection, rules customization and deployment
• Data sensitivity analysis
• PCI-DSS audit, readiness and compliance
• Data security tools evaluation and selection
• Executive-level risk-based balanced scorecard, metrics and dashboards