DTCC Application Security Risk Management Case Study

This case study details the application security risk management efforts undertaken by the Depository Trust & Clearing Corporation (DTCC) in collaboration with Brinqa. The primary objective was to enhance the security of critical applications and technology assets that support essential business functions. DTCC faced challenges in managing application vulnerabilities due to the use of multiple application security tools and a lack of a unified view of application risk. To address these issues, DTCC developed the DTCC Application Vulnerability Scoring (DAVS) system, which provided a consistent methodology for scoring and reporting application security risks. The implementation involved integrating data from various sources, including vulnerability assessments and business context, to prioritize risks effectively. The case study outlines the successful outcomes achieved through this initiative, including significant reductions in developer time spent on security tools and improved real-time decision-making regarding application risks. Overall, the collaboration with Brinqa enabled DTCC to gain a comprehensive understanding of its application security landscape.