Discover Performance: HP Software's community for IT leaders // March 2013
Closing the app gap on risk
The cloud and mobility make enterprise applications harder to secure than ever. But where the cloud creates a challenge, it can also help create a solution.
IT needs to speak the language of SaaS
Service-based costing provides the vocabulary that will let IT communicate its value to the business—to better manage, and compete with, outside services.
Best practices for secure software development
When it comes to secure software development, there are leaders and there’s everyone else. Learn a few secrets of organizations with top-notch security practices.
The evolution of ESI
HP Security Strategist Rafal Los talks to BlackRock VP John Terrill about the evolution of enterprise security intelligence over the past decade and the fundamentals of mitigating risk.
Percentage of total internal security activity that consists of recovery and detection.1
Percentage of cyber crime costs caused by denial of service, malicious insider, or web-based attacks (making those crimes the costliest).1
Percentage of U.S. employees that would be just as inclined to use their personal device for work purposes even if they knew their online activity can be tracked by their employer.2
Q: Why don’t developers listen on security issues?
A: I offer you two reasons: incentive and choice of development framework. Most development organizations within a company are driven by three overarching factors: 1) deliver what the business wants, 2) do it on time, and 3) do it under budget. When these three things are done, the business is happy, no one complains, the company makes money, and (hopefully) employees get bonuses or salary increases. … In essence, there is no incentive for developers to take the extra time and effort to make a feature secure, if making it secure does not result in any appreciable outcome. How many developers do you know that tout how secure their code was during their annual performance reviews? … If you want to change this culture, we as security professionals are going to have to change those three factors that drive the development organization’s work.
— Matt Presson, senior information security analyst, Willis, on the Wh1t3 Rabbit security blog
1 “2012 Cost of Cyber Crime Study: United States,” The Ponemon Institute, October 2012
2 “2012 IT Risk/Reward Barometer: US Consumer Edition,” ISACA, November 2012