Software Security Assurance:
Compliance Guide for Financial Services
Financial services organizations manage some of the most critical and private data in the world, yet must make their systems open and available across the web. These competing requirements demand the highest levels of security assurance in the software that manages and transmits this critical data. Reflecting this concern, regulations and compliance frameworks have been created that hold organizations accountable for insecure software and its risk to customer data, and that require ongoing, measurable software security assurance programs.
Businesses armed with automated software security assurance tools, such as those Ounce Labs provides, can now have the metrics and policy compliance information they need to report to key executives, auditors and regulators on the process and state of their software security assurance efforts.
This guide will help you set up the software security assurance process and comply with the applicable regulations.
This guide provides key personnel charged with fulfilling these various requirements with a quick reference to understanding:
- The major compliance categories into which software security assurance activities fall, including Risk Assessment and Vulnerability Management and Remediation.
- The applicable regulatory and compliance frameworks and the specific control activities within each that apply to software security assurance activities.
- The Ounce Labs solution and the way in which its capabilities provide the necessary metrics and policy compliance information to help prove compliance with these activities.
This guide covers GLBA and the FFIEC, PCI Data Security Standard, Sarbanes-Oxley, COBIT, and ISO 17799 regulatory and compliance frameworks.
About Ounce Labs, Inc.
Ounce Labs' solutions enable organizations to identify, prioritize and eliminate business risk to the enterprise caused by software security vulnerabilities. With Ounce Labs, organizations strengthen application security, protect confidential information and verify compliance with both internal policies and industry mandates such as PCI, FISMA, HIPAA and others.
Ounce Labs' software analyzes application source code to provide the most complete and accurate analysis of application vulnerabilities and their relative priorities, enabling business users and IT professionals to focus their resources on resolving the most critical issues.
Unique in its ability to scale across an organization's entire portfolio of applications, Ounce is used enterprise-wide by many of the world's most security-conscious organizations, including AT&T, EDS, IBM, Intel, Lockheed Martin, MFS, the U.S. Air Force, the U.S. Government Accountability Office, Unisys and VeriSign.
Led by senior executives with deep enterprise software and security expertise, Ounce Labs is headquartered in Waltham, Massachusetts, with regional offices throughout the U.S. For more information, please visit www.ouncelabs.com.
