Paweł Rajba
ABSTRACT
For years many companies have paid attention to making sure infrastructure is protected adequately while making applications secured was underestimated. This approach is changing nowadays, but according to many security research companies (like WhiteHat or Gartner) a lot of vulnerabilities are still present in applications. Those vulnerabilities are on different levels like architecture or code and they have multiple sources like wrong requirements, processes, tools, unskilled developers or everything at the same time. In the paper we present the challenges that were discovered when we applied some mitigation approaches during the security journey in an enterprise company in the automotive industry.
- Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M. (2003). Enterprise privacy authorization language (EPAL). IBM Research.Google Scholar
- Computer Business Review, Top 5 critical infrastructure cyber attacks, Available: https://www.cbronline.com/cybersecurity/top-5-infrastructure-hacks/ {Accessed: 29.06.2018}Google Scholar
- Stuart Broderick, Top 5 Success Factors for Cybersecurity Management Programs, CISCO Blogs, 2015 https://blogs.cisco.com/security/top-5-success-factors-for-cybersecurity-management-programsGoogle Scholar
- Certified Information Systems Security Professional (CISSP). Available: https://www.isc2.org/Certifications/CrSSP {Accessed: 29.06.2018}Google Scholar
- ISO/IEC 27000 family - Information security management systems. Available: https://www.iso.org/isoiec-27001-information-security.html {Accessed: 29.06.2018}Google Scholar
- Open Security Architecture. Available: http://www.opensecurityarchitecture.org/cms/ {Accessed: 29.06.2018}Google Scholar
- OWASP, Application Security Verification Standard, 2016. Available: https://www.owasp.org/images/3/33/OWASP_Application_Security_Verification_Standard_3.0.1.pdf {Accessed: 29.06.2018}Google Scholar
- NIST CyberSecurity Framework. Available: https://www.nist.gov/cyberframework {Accessed: 29.06.2018}Google Scholar
- SABSA. Available: http://www.sabsa.org/ {Accessed: 29.06.2018}Google Scholar
- Reihaneh Amel Sadeghi, Identifying Key Success Factors in the Implementation of Information Security Systems on Service Businesses: A Case Study of the Private Banks of Tehran, American Journal of Theoretical and Applied Business, 2 (4), 28--37, 2016Google Scholar
- John Sherwood, Andrew Clark, David Lynas, Enterprise Security Architecture: A Business-Driven Approach, CRC Press, 2005. Google ScholarDigital Library
- Marianne Swanson et al. Contingency Planning Guide for Federal Information Systems, NIST, 2010Google Scholar
- Yasar, H. (2017). Implementing Secure DevOps assessment for highly regulated environments. In Proceedings of the 12th International Conference on Availability, Reliability and Security (p. 70). ACM. Google ScholarDigital Library
- World's Biggest Data Breaches, Available: http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ {Accessed: 29.06.2018}Google Scholar
- Vinh, T. V., Grewal, D. Critical success factors of effective security management: a survey of Vietnamese maritime transport service providers. In International Association of Maritime Universities (IAMU) 6th Annual General Assembly and Conference, ed. D. Nielsen, World Maritime University, Sweden (Vol. 10, pp. 24--26), 2005Google Scholar
Index Terms
- Challenges and mitigation approaches for getting secured applications in an enterprise company
Recommendations
A threat pattern for the "cross-site scripting (XSS)" attack
PLoP '15: Proceedings of the 22nd Conference on Pattern Languages of ProgramsWe present a threat pattern that describes cross-site scripting (XSS) attacks. In this attack attackers insert scripts in web applications that will lead to misuses in a target web application. Cross-Site Scripting is listed as number three risk on the ...
An attack scenario and mitigation mechanism for enterprise BYOD environments
The recent proliferation of the Internet of Things (IoT) technology poses major security and privacy concerns. Specifically, the use of personal IoT devices, such as tablets, smartphones, and even smartwatches, as part of the Bring Your Own Device (BYOD)...
Comments