It has been a long time since the introduction of the Microsoft Security Development Lifecycle, which provides a framework for companies on how to implement security in the SDLC. But the current state of practice is that many companies are still reluctant to consider the security aspect while building their applications. We live in an age where the Internet of Things is flourishing, giving rise to new threats, and thus the threat landscape keeps growing. We never know what will come our way once the application is live and in the market for customers to use. Companies are seen struggling to take informed decisions when it comes to accepting the importance of implementing security in each and every phase of the SDLC.

It becomes important to take into consideration the thought process of management when it comes to adopting a suitable approach or process for the SDLC. There have always been controversies related to the budget that goes into implementing security, the impact on the delivery schedule, the effort or resources required, and the value it would give in return to the customer and the organization. The goal of the thesis is to help the organization realize the importance of building security into the application and to help it take informed decisions by creating risk awareness. The subjects under focus are the study of the existing practices the organization follows, what changes if security steps in, and how to achieve a trade-off between the investment in security and the benefits reaped from it.
It is equally important to understand the organizational and human factors that affect information security while building the application.

The target audience is everybody involved in the company (of any size), from the executive body to the support/operations team, including business developers, project managers, system architects, developers, testers, etc., in an agile-centric environment. The reason for having the entire organization buy into security is that security has to be embedded in every phase to assure end-to-end security, so that the risks are minimized when the product/application is live and is hit by an incident.