Computer security is an extremely broad term. It can encompass obvious areas like password protection, network defense and encryption. It is also related to the integrity, stability and longevity of your data. Whatever facet is under consideration requires vigilance in the face of innumerable and unspecified threats, whether unauthorized intruders, malicious software or code defects.

 
  How it helps

Your data represent the most valuable resource of your information technology systems. It is a cliche, but not an error, to state that the information on a computer is far more valuable than the computer itself. If you are operating systems that interface with the internet in order to provide services to customers or outside staff, you will be subject to attacks, penetration attempts, social engineering, etc. It is important to understand where your potential weak spots are and to institute policies and procedures to minimize risks.

Examples

An e-commerce website was found to store the user credentials in an unencrypted cookie. Even though the site required a user to reenter the username and password before completing the checkout process, the availability of the cookie information impaired the efficacy of this protection.

A website used by customers on the Internet allowed the users to enter data regarding clients and projects. Examination of the website revealed that, using an extremely simple technique, users could access all records in the database pertaining to these data, thus potentially revealing to competitors privileged information that could be used as an advantage.

  The Process

Observation

This stage involves an examination of all systems or specific systems of interest. Information pertaining to the systems of interest is gathered, and the systems themselves, including source code if available, are examined.

Analysis

At this stage we examine the gathered information with an eye to potential security problems, outlining and prioritizing areas of concern.

Delivery

The client is provided with a document detailing any areas of potential vulnerability. This document can be used by internal or contract personnel as a guide to areas requiring corrective action.

 
Copyright 2019 Randy Crump Consulting. All rights reserved.