Working Out, Sweating it Out - Cigital Workbench
August 18th, 2008 chris
Doing Risk Management is a tedious process without automation. A key requirement for putting a Risk Management Framework into practice is automating aspects of the process. Those aspects best suited for automation include tracking, storing, and manipulating data about risks; displaying and measuring data about risks; and providing critical information and automation regarding processes.
Cigital provides professional services based on applying the Risk Management Framework philosophy. Using a toolset called the Workbench makes our jobs as consultants more efficient, effective, and consistent. It is a combination of simple tools and automated processes used to help consultants assess software quality.
The Workbench has three major components:
- Quality workflows and knowledge
  - Automated RMF
  - Process models and detailed descriptions of software assurance methods (called “the Matrix” internally)
  - Deliverable templates, reporting, and metrics
- Process evolution and knowledge capture
  - Process models built to be instantiated and adjusted in particular projects
  - History and knowledge catalogs