Overview
In keeping with our transparent approach to sharing knowledge, Corsaire invests time writing white papers in order to help share best-practice principles and proven information security techniques with the wider community. This section includes a selection of our latest business white papers that have been placed in the public domain. Further papers are available to our clients.
The white papers held in this section are intended for a business audience.
State of the Web: A Review of Application Security Trends Over 6 Years
By Glyn Geoghegan, October, 2008
This paper is updated from last year’s trends analysis. It contains six years’ worth of data and reveals that, while there have been notable improvements in application security, the battle is far from won.
This paper is aimed at senior and executive management.
State of the Web: A Review of Application Security Trends Over 5 Years
By Glyn Geoghegan, August 31, 2007
Application security is a rapidly evolving area, and one of increasing interest and activity as information security matures. It is important to understand the key areas of concern within web applications, and which of these are exposing organisations to the greatest risk, in order to develop strategies to mitigate and manage that risk.
This paper is drawn from a representative sample of application security assessments conducted by Corsaire over the last five years. The results have been collated and analysed, and a number of anecdotal and statistical conclusions have been drawn from the data. This paper will demonstrate that while application security is improving, fundamental security flaws still affect almost all applications, and many of the same mistakes present years ago are still made in new applications.
This paper is aimed at senior and executive management.
The Emerging Standards: ISO27004 and BS25999
By Chris Leppard, June 5, 2007
As the IT security industry continues to mature, an increasing number of standards and regulatory controls appear. Perhaps two of the most important new developments are Security Metrics and BS25999. Security Metrics aim to use quantifiable statistics to remove the fear, uncertainty and doubt often associated with traditional methods of measuring the effectiveness of IT security policies and controls. BS25999 is the new standard for Business Continuity Management (BCM), replacing PAS56. The Standard will form the basis for the official certification of corporate BCM solutions.
This paper is aimed at senior and executive management and describes the two standards, how companies can use them and the potential benefits they will gain.
PCI Data Security Standard
By Chris Leppard, February 5, 2007
The Payment Card Industry (PCI) Data Security Standard (DSS) is a requirement for all organisations that process payments, develop products for payment or store payment card details. The PCI compliance standards were developed to establish a 'minimum security standard' with regard to the protection of cardholders' account and transaction information. Many vendors are unclear as to their roles and responsibilities with regard to compliance with the PCI DSS.
This paper is aimed at senior and executive management and is designed to show how the various elements of the PCI DSS will affect your company and what you will need to do to achieve compliance.

