Part 3. Deliver and measure


This last part focuses on building on what was covered in the first two parts and turning it into a roadmap that aligns with the development organization. That roadmap then needs to be measured and tracked so you can show whether the program is succeeding.

In chapter 7, you'll start putting the pieces of the roadmap together by assessing the organization's current security posture and identifying its goals, both security and nonsecurity. The roadmap must align the security goals with the business goals; otherwise the security goals are likely to fail for lack of support. The application security team also needs to catalog the gaps in the organization that create security concerns and use a gap analysis to decide where to focus its effort.

Chapter 8 provides guidance on measuring the effectiveness of the security tools and processes the organization uses. You'll see how key performance indicators (KPIs), combined with feedback from your partners in the development organization, make your metrics more meaningful and give you a clearer picture of the progress your program is making.