The Internet Security Risks Facing your Organization: Test and be Saved

Written by admin on Wednesday, 28 of July, 2010 at 8:07 am

The security of business IT systems has never been as important as it is today. Effective security keeps a business safe from both deliberate attack and the accidental introduction of malware. Failing to secure systems and websites, and failing to manage how employees use the internet, exposes the company to serious risks: a damaged reputation, damage to systems, loss of business, and the cost of remedial work. This remains true even where common defenses such as firewalls and intrusion prevention systems are already deployed, because those controls do not address flaws in the applications and user behaviour behind them.

The advent of new technologies such as Web 2.0 and the social networking phenomenon has changed the internet by using existing technology in a different way to enhance communication, information sharing, collaboration, and the functionality of the web. But these technologies also bring an array of complications, and they greatly increase the risk in today's business world: more of the application logic runs in the browser, more content is user-supplied, and more data crosses organizational boundaries. Malware targeting Web 2.0 applications is becoming more diverse and harder to track, and the trend is likely to get worse.

In order to reduce as much of the threat as possible, organizations need to identify, analyze, and report the vulnerabilities in a given application. Correctly configured firewalls must be in place, and their rule sets reviewed and updated as new threats arise. Security is fast becoming the focus of many regulators, and organizations and industry bodies are working together to tackle the issues that the online world presents. One industry that requires its members to maintain a high degree of security is online retail: merchants are obliged to ensure their networks are secure in order to protect themselves and their customers from potential threats.

The standard adopted to ensure security in this environment is the Payment Card Industry Data Security Standard (PCI DSS), which is specifically designed to protect the account data of credit and debit card holders. Every company that accepts card payments, processes card transactions, or stores, transmits or otherwise handles cardholder data is required, under its contracts with the card brands and its acquiring bank, to comply with the PCI DSS. The complexities that PCI DSS compliance brings to an organization are significant. The mandatory elements of PCI DSS should be built into the business requirements when a new application is defined, so that they are developed and tested from the start rather than retrofitted.

To ensure the highest level of security, organizations should adopt the measures the PCI DSS itself requires, such as: installing and maintaining a firewall configuration to protect cardholder data; not using vendor-supplied defaults for system passwords and other security parameters; encrypting transmission of cardholder data and other sensitive information across open, public networks; using and regularly updating anti-virus software; developing and maintaining secure systems and applications; assigning a unique ID to each person with computer access; restricting physical access to cardholder data; tracking and monitoring all access to network resources and cardholder data; and regularly testing security systems and processes.
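Several of those measures can be checked mechanically against an asset inventory, which is how a first pass at the "regularly test" requirement usually starts. The following is an added illustration written for this page, not code from the article, from the PCI Security Standards Council, or from any official compliance tool. The inventory format, the vendor-default credential list, the firewall rule tuple and the finding strings are all assumptions made for the example; a real audit would draw the default list and inventory from maintained sources.

```python
"""Self-check of several PCI DSS control areas against a constructed asset inventory.

Added illustration: the Asset layout, VENDOR_DEFAULTS and the finding messages are
assumptions for this example, not an official PCI DSS tool or checklist.
"""
from dataclasses import dataclass, field

# Constructed sample of vendor-default credentials (illustrative only; a real audit
# uses a maintained list for every product in scope).
VENDOR_DEFAULTS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("root", "root"),
    ("sa", ""),
}

# Protocols that carry data in cleartext; cardholder data must not cross a public
# network over these (PCI DSS requirement 4).
CLEARTEXT_PROTOCOLS = {"http", "ftp", "telnet"}


@dataclass
class Asset:
    name: str
    accounts: list            # dicts: {"user": str, "password": str, "shared": bool}
    services: list            # dicts: {"protocol": str, "public": bool, "chd": bool}
    logging_enabled: bool = False
    firewall_rules: list = field(default_factory=list)  # (src, dst, port, action)


def check_firewall(asset):
    # Requirement 1: a firewall configuration that does not permit any-to-any traffic.
    for src, dst, port, action in asset.firewall_rules:
        if (src, dst, port, action) == ("any", "any", "any", "allow"):
            return [f"{asset.name}: firewall permits any-to-any traffic"]
    return []


def check_defaults(asset):
    # Requirement 2: no vendor-supplied default credentials in use.
    return [f"{asset.name}: default credential for user '{a['user']}'"
            for a in asset.accounts if (a["user"], a["password"]) in VENDOR_DEFAULTS]


def check_transmission(asset):
    # Requirement 4: cardholder data (chd) crossing a public network must be encrypted.
    return [f"{asset.name}: cardholder data over cleartext {s['protocol']} on public network"
            for s in asset.services
            if s["chd"] and s["public"] and s["protocol"] in CLEARTEXT_PROTOCOLS]


def check_unique_ids(asset):
    # Requirement 8: every person with computer access has a unique ID, no shared logins.
    return [f"{asset.name}: shared account '{a['user']}'"
            for a in asset.accounts if a.get("shared")]


def check_logging(asset):
    # Requirement 10: access to network resources and cardholder data is logged.
    return [] if asset.logging_enabled else [f"{asset.name}: access logging disabled"]


CHECKS = [check_firewall, check_defaults, check_transmission, check_unique_ids, check_logging]


def audit(assets):
    """Run every check over every asset; returns the list of finding strings."""
    findings = []
    for asset in assets:
        for check in CHECKS:
            findings.extend(check(asset))
    return findings


# Constructed inventory: one reasonably configured host and one that fails several checks.
SAMPLE_ASSETS = [
    Asset(
        name="web-store",
        accounts=[{"user": "deploy", "password": "x7!kQ2", "shared": False},
                  {"user": "ops", "password": "s3cret", "shared": True}],
        services=[{"protocol": "https", "public": True, "chd": True}],
        logging_enabled=True,
        firewall_rules=[("any", "web-store", "443", "allow"), ("any", "any", "any", "deny")],
    ),
    Asset(
        name="pos-terminal",
        accounts=[{"user": "admin", "password": "admin", "shared": False}],
        services=[{"protocol": "http", "public": True, "chd": True}],
        logging_enabled=False,
        firewall_rules=[("any", "any", "any", "allow")],
    ),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ASSETS):
        print(finding)
```

Run against the constructed inventory, the audit reports one finding for web-store (the shared "ops" account) and four for pos-terminal (permissive firewall, default admin credential, cardholder data over cleartext HTTP, no access logging). The point of structuring it as independent check functions is that each maps to one requirement, so a finding can be traced back to the control it violates when the remedial work is planned.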

Furthermore, website penetration testing, applied here to a Web 2.0 environment, can highlight the areas of weakness that configuration reviews alone miss. Every change in technology must be tested thoroughly to identify the problem areas, so that organizations understand the measures that must be put in place to combat risk, undertake remedial work, and prevent future problems. Testing should be as independent and objective as possible, so that coverage is complete and as many weak spots as possible are eliminated rather than overlooked.

Category: PCI Data Security Standard, Security Testing Services, Software Testing
