Security News, Vulnerabilities, Data Breaches, Website Security
Posts tagged Code review
Vanguard Security Conference – Supplier Security
Jun 2nd
I spoke yesterday at the Vanguard Security Conference (http://www.go2vanguard.com). Vanguard has been doing this conference for a number of years. The focus is on Mainframe security. Most security professionals these days have never worked on MF security. I am proud to say I have, back in the mid-90’s. Well, perhaps I shouldn’t be so happy; it was over a decade ago.
The point being, that there are so many areas of security out there that most of us will never touch yet there is a dire need for professionals. The conference was less attended, as are most conferences this year, but I found the folks here are REALLY interested in learning and excited about the classes.
My topic was on Supplier Risk Management processes. You are asking yourself, what is that? I asked myself that same question in coming up with some good processes to target Supplier security. We have to go way beyond a SAS70 if you want real security over the hundreds or thousands of vendors that a large company may work with.
The Problem:
- No framework for managing vendor risk
- Inconsistent processes for tracking vendors
- Lack of enforcement capabilities
The Opportunity:
- Provide practical steps to manage vendor access/management
- Provide cost effective solution for risk mitigation
- Provide numerical risk analysis of vendor/partner security issues
- Risk reduction or risk acceptance
- Documented exposure
- Iterative process for risk management
- Happy CIO
So a Supplier Security assessment follows 4 main steps:
- Analyze the current vendor database and categorize each vendor
- Determine the risk of each supplier and the threats posed by each supplier
- Perform assessment tests of each supplier, their processes of interaction, and data access
- Develop a risk mitigation plan, update processes, and monitor processes
Gary Bahadur
http://twitter.com/kraasecurity
*Managed Security Services
*Vulnerability Management
*Compliance & Policy Development
*PGP Security
*FREE Website Security Test
Ways to Maintain Website Security
Apr 10th
With the advancement in technology comes the heavy responsibility of monitoring an organization’s sensitive and valuable information. The use of the Internet has become a necessity for organizations to exchange their data and various other business details with their business partners, vendors and clients. In many cases, during transmission of data, hackers compromise a network or transmission medium and illegally gain the data. This damages not only the market value of the company but also the number of clients that place trust in the company and the company’s infrastructure or website.
There are preventive measures that every company can adopt to maintain the value of the company as well as the client base. It is very important for any company to maintain data security and safeguard the internal information of the company. The clients and business partners share their data only after confirming that the partner company will keep it safe and intact under the safety norms of the company.
By taking a few cautionary measures, one can easily secure the sensitive information of the company. Installing a firewall in the network system keeps the security intact and safe. Earlier, this was a bit expensive for companies, but with the advent of technology it has become an easily accessible tool for the organization. Affordable monthly subscriptions are available for firewalls, intrusion detection systems and host intrusion prevention systems. Companies no longer need to spend a lot of money to obtain these services.
A firewall is the main defense. A firewall carries out routine security checks and blocking techniques at particular time intervals, and this helps stop attacks. It will sound an alert in case of any threat posed to the data and will automatically start blocking and reporting on it. It never compromises on your company’s security and safety and always keeps the information safe. Firewall protection can be easily obtained from various online sources at quite reasonable rates, but one must always cross-check the credentials of the source company as well and only then purchase it from experts in the field.
Other than installing these tools to maintain web security, companies are also hiring third parties to review the policies and procedures of the organization and to keep track of the online process of distribution of the company’s data. These third parties install web applications that thoroughly review the code installed in the process and provide valuable feedback to update and upgrade the quality of network systems. Though it is somewhat expensive to employ third parties, they really keep a detailed track of the security system of their clients’ information.
Many network systems of very renowned companies are getting hacked and misused these days by hackers. It is high time that companies take proper action against such activities and thefts, as the number of incidents is growing day by day. Otherwise, people will start losing their trust in sharing their personal information through web sites.
A web security expert of application security risk assessment has written this article.
Gary Bahadur
baha@kraasecurity.com
http://www.kraasecurity.com
http://twitter.com/kraasecurity