Security blog

Manage Operational Risk Like a Bank!
posted: 08 June 2009 by Eric Tompkins
 

See more articles in the Security blog

For more information about our Application Security services & solutions, please contact:

Bonnie Bird
Manager, Marketing

Do your customers apply for loans online, order products online, check their account information online, or input personal information in order to access services online? The data they provide is most likely not only passing through the application they originally accessed, but it is also passing through other “back end” applications that process it in some fashion. Web-enabled businesses and service providers need to know that their Web applications, and even the Web applications used by their business partners, are potential targets for malicious users looking to compromise sensitive business and personal data. All applications that support any business process must be designed and tested to ensure that they protect the information they handle and/or store.

Wide-Ranging Strategy

Every time an organization adds new vendors, creates a new sales promotion site, or deploys a new Web application, the Web developers must know what kinds of security questions to have in mind during the development process. Because Web sites are in a state of constant flux, organizations cannot be content with a one-time Web application assessment. Rather, organizations must develop and follow a strategy in Web application design, testing, and development that maintains a security posture that is tailored to their specific needs. This focus on security must also be extended to the network infrastructure that supports the application once it is deployed. An application that has been designed securely must also be hosted in a secure and monitored network environment to prevent an attacker from using a network vulnerability to compromise data that has been processed by the application.

Software Code and Design Review

In addition to assessing Internet-facing applications, CIBER Global Security also assesses vulnerabilities in internal applications, including automated and manual testing for both the technical and nontechnical controls, as well as code review and application design. Do your employees process personal information using HR software, track project progress and artifacts, process payroll checks, use EDI or EFT to process receipts and payments from vendors or clients, or manage repositories of client information? How do organizations ensure that the information remains confidential, maintain the integrity of the information, and at the same time make certain the information is available to those who need it (CIA)?

Comprehensive Assessment

CIBER's Global Security Practice provides security assessments that can be used to help organizations develop strategic plans to keep data that is processed by applications secure. CIBER will take a comprehensive view of the application and can provide not only an Application Security Assessment, but can also conduct an External Control Assessment, Internal Network Assessment, Host Assessment or a Program and Practices Assessment to ensure that the application and its associated data reside in a secure environment.

Services
Application Development
& Management
 
Business Intelligence / Data Warehousing
 
Customer Relationship Management
IT Outsourcing
IT Security Solutions
 · Unisys Services
Mobility Solutions
Physical Security Solutions
Quality Assurance & Testing
Service-Oriented Architecture
Supply Chain
Global Solution Centers

ERP/Package Solutions
Lawson
SAP
Oracle
 · Oracle E-Business
 · Oracle PeopleSoft
 · Oracle JD Edwards
Technology Solutions
CRM | ERP | SCM

Industries
Charities & Not-for-Profits
Consumer Products & Retail
Energy & Utilities
Financial Services
Food & Beverage
Government: Federal
Government: State & Local
Healthcare & Life Sciences
Higher Education
K-12 Schools
Manufacturing & Mining
Telecommunications
Transportation
Travel, Sport & Leisure

Service Finder Tools
Alphabetical Sort
Line of Business Sort
Industry Sort
Services Map