Category: Risk Management

Despite the rising costs and impact of application compromise — recent data found that 58 digital records are stolen every second and breaches cost companies an average of $3.6 million — many best practices and procedures for securely designing, developing, testing and protecting applications are largely ad-hoc. As noted by Tech Republic, in fact, exactly ZERO percent of organizations say their security needs are fully met by their current infosec strategy, down from just 11 percent last year.

Now is the time to seriously look at how you are protecting and securing your applications

The U.S. National Institute of Standards and Technology (NIST) has published two data-security focused documents in as many months. 

Anyone developing software applications today can easily feel overwhelmed by the persistent security threats their products face from application counterfeiting and malware injection to theft of services and confidential information. This article discusses some of ways hackers go about their dirty deeds and how to achieve a balanced perspective on application risk and risk management allowing you to release applications with greater confidence. Gaining this confidence requires a deeper knowledge of the risks and potential remedies.

I just read the Forrester Wave™: Governance, Risk, And Compliance Platforms, Q1 2018.

Forrester reminds us all that “Risk and compliance management is more important than ever, thanks to the increasingly intangible nature of business value and the growing risk of violating customer trust.”

Preventing Privilege Escalation in mobile payment apps (PCI Mobile Payment Acceptance Security Guidelines Section 4.3)

Regulators, standards bodies and IT auditors have become increasingly likely to recommend an absolute prohibition of rooted Android devices in production environments. As the 2017 PCI Mobile Payment Acceptance Security Guidelines state, “Bypassing permissions can allow untrusted security decisions to be made, thus increasing the number of possible attack vectors.”

When perimeters are breached, identities stolen and malware launched, encryption stands as information’s last line of defense. Without effective encryption policies, you will first be victimized and then held liable (punished) by every information stakeholder (customers, partners, investors, regulators, the courts, etc.).

The GDPR is comprehensive; its impact is far reaching, and the penalties for infringement are severe (up to €20 million or 4% of global annual revenue, whichever is higher).

In short, no impacted business can afford to ignore The GDPR. As the May 2018 deadline looms, organizations find themselves scrambling to be “GDPR ready” – but what exactly does that mean?

According to the official EU GDPR website, http://www.eugdpr.org, “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.”