Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Tag Archives: application security

The OCC and Application Security: Vindication at Last

June 17, 2008 – 6:00 am – On May 8, 2008, the OCC (Office of the Comptroller of the Currency, part of the U.S. Department of the Treasury) issued Bulletin 2008-16, which you can find here. As the OCC states, there have been prior mentions of application security by the FFIEC (of which OCC is a member), NIST and others.…
By C. Warren Axelrod | Posted in CSO/CISO Perspectives | Also tagged , , , , , , | Comments (0)

Metrics Revisited – Application Security Metrics

May 12, 2008 – 6:00 am – I have recently been giving some thought to, and doing some research into, application security metrics, and I have determined, quite simply, that there aren’t any good ones. “How ridiculous!” you say, “We have two dozen application security metrics, which we report in…
By C. Warren Axelrod | Posted in Risk Analysis, Security Metrics | Also tagged , , , | Comments (0)

Are We Less Secure Now Than Before?

March 18, 2008 – 6:00 am – The information security professional faces a curious dichotomy in this field. Ask a bunch of security pros and many will tell you a main reason they enjoy it is that there is always something new happening. But that is often just a euphemism – “new” often means a growing threat…
By Derek Schatz | Posted in Technical | Also tagged , , , , , | Comments (4)