The Web Application Security Consortium released an interesting paper that emphasises the need for application security classification. It’s always about finding the right security balance.
In order to make effective decisions about security tradeoffs, architects and developers need to calculate the confidentiality, integrity, and availability requirements of their applications. In short, application classification needs to precede secure application development.
The author’s experience in the industry has shown that, while most organizations have policies covering data classification, rarely do they have similar policies on application classification. Developers and architects often have to make assumptions about the sensitivity of the data that they are handling and make architectural and design trade-offs based on these assumptions.
Introducing Application Classification
In order to help solve this problem, organizations should implement a strong application classification program that is linked to application development. Each application is rated “Low”, “Medium”, or “High” on the metrics of Integrity, Availability, and Confidentiality (for definitions of these terms please consult (4)). These ratings are linked with specific security requirements within the organization’s development standards.
Read the full article: The Importance of Application Classification in Secure Application Development
This entry was posted on Thursday, April 19th, 2007.