Financial Applications Security Weblog
Secure Applications for Open Markets

25 March 2002
 

Rise of the Chief Security Officer

Add "Chief Security Officer" to the list of must-have C-level positions at large corporations. That's the advice of information security analysts who are telling clients to hire a top executive to oversee their company's IT security. Slowly, they are seeing companies move in that direction...

... Financial institutions led the effort to hire chief security officers more than a year ago. They did so to meet new federal accounting standards to ensure that information systems that were being used to control financial records were secure, says Christian Byrnes, vice president for security programs for market researcher Meta Group. Technology companies followed.

[Internet News] [Security Focus]

This is definitely old news in large banks, but many smaller banks and institutions need to follow this up. In particular, much of the work by CSOs is focused on traditional threats such as viruses and Script Kiddies. I believe a much greater threat is looming on the internal and external application side. We'll see how this develops over the next year or so.


7:23:28 PM

In Lockstep On Security

A company competing to win new business these days needs to bring more to the table than quality products at the right price. That company also better have effective information security--and be able to prove it. Anything less can be a deal-breaker. [Information Week]

I should think that this would be particularly true in our industry. Of course that is not always the case, but eventually laziness in this field can't be continued.


7:13:24 PM

Hacker speaks out on security basics

Security holes exist in just about every application, but preventing an attack can be remarkably simple, says an expert hacker.

"It's simple," says Rain Forest Puppy. "Don't feel you have to...take it from Microsoft, just figure out what services lead to security risks and turn them off."

[ZDNet][Security Focus]

This is basically what my whole approach is about. At the simplest level of a security analysis, identify all the required services, modules, etc. on your systems. Shut off everything else. Most App Servers nowadays have so many modules that most people just leave them running by default. I'd also like to add that it might be a good idea to change any default passwords. Even on Dev machines.


3:15:07 PM



© Copyright 2002 Pelle Braendgaard.
Last update: 25/03/2002; 16:15:07.