These are the things that keep most security people up at night. People are very smart, and if there is a way to get around security they will find it, so what can we do? Start baking! No, not the food type of baking…the kind of baking that happens when a new product, service, application or system is added to your organization. By including security and DR/BCP in the SDLC and Change Management process, these types of things can be evaluated before they are released into production, thus reducing risk. How does this work? If the company requires a security evaluation checklist and sign-off process early on in the SDLC, then these security requirements and default settings are brought to light. At this point the company can choose either to move ahead with the product or to scrap it. If the company moves ahead and requires security sign-off along the way, then it has a much better chance of the default settings still being in place. The complete cycle would include a security or risk evaluation before and after release into production. Finally, don’t forget End User Testing, since this is where you can discover areas in which a user might sidestep security.