How can companies and IT security leaders keep a security breach from becoming a long-term problem and stop it from negatively affecting their customer base?
Such a system is rife with opportunities for unintended and undesirable information disclosures. It needlessly multiplies the opportunities for social "phishing" attacks directed against government users. It is, frankly, an information catastrophe waiting to happen.
IT security leaders rely on penetration testing to determine whether applications are secure. But penetration tests can't be a primary source of assurance, says Jeff Williams, co-founder of OWASP.
While organizations need to make investments in data protection and storage, it's crucial that they first get a real handle on classifying their data before allocating resources in the wrong places.
An analysis of many recent studies suggests that over 80 percent of applications contain simple vulnerabilities. Here are five tips that developers can leverage to secure their code.
Enforcement and class actions are what the year 2011 will be remembered for in privacy. So, how can pros prepare for the inevitability of a litigious and increased-enforcement environment?
Moving into 2012, IT risk professionals will need to develop deep areas of subject-matter expertise. Here are some areas of increasing importance for your organization - and your career.
After reviewing the results of the IIA's new Emerging Trends and Leading Practices survey, we must ask ourselves, "Are we doing our absolute best to meet our stakeholders' needs?"
2011 has offered quite a number of tough lessons for security professionals. Here at (ISC)2, where security education is our focus, the close of another year raises the old teacher's question: "What have we learned, class?"
It seems to just be "understood" that if you're accepting favors you're doing so because the vendor expects to influence you and that you've compromised yourself if you start down that path. During the course of my career, I've seen only a couple of incidents of this type.
Careful coordination is needed: Are we duplicating services? Worse, are there risks that fall between the cracks, into the gray areas on the borders of our separate assurance functions?
While the debate over privacy swirls, the actual voice of the consumer is rarely heard. Until now. And what the consumers have to say in new research about privacy notices and data usage may surprise you.
Although it's encouraging that security is now considered part of the software quality paradigm for customers' needs, the question remains: "Do we have the cyber skills needed for today's chaotic, application-driven world and its ever-increasing need for security?"