Product security needs a holistic approach (reblog)

A reblog today, of an expert for once

Peter Kornelisse

How do you secure a webshop, an electronic car, an office management system? Securing an IT-enabled product requires you to consider many topics, and missing one topic could already result in a security flaw of that product.

Let us presume that you have a webshop that sells books. What security measures do you need, to protect the data about the books that you sell, their availability and prices, as well as your customers’ transactions?

Software developers will think about security in source code and application logic, whilst system and network administrators will think of the IT infrastructure on which the application will run. Who has the holistic view of all relevant security measures that should be in place?
In realising an eCommerce webshop, are your IT processes well-equipped to be online, or are they only fit for internal office automation? Being online implies being operational 24/7 and considering yourself to be under attack 24/7; is that also your requirement?
Also, what does creating an online…

About maverisk

Maverisk Consultancy, IS Audit and Advisory services: Wikinomics meets governance and audit; otherwise, see my personal LinkedIn profile