Recently one of our clients is going through a major transition of implementing new systems with few other vendors, actually a chaos of new systems interacting with each other. The implementation has been rushed and though the system functions as they are supposed to as stand alone out of the box solutions without fulfilling much of the business's initiatives. There are some major vulnerabilities within the system architecture, the implementation has been driven by lack of understanding of the domain and the business logic that drives it.
I spent less time reading about vulnerability research and QA control mechanisms, but the current implementation at XYZ corp. has spiked my interest back in this area. The vulnerabilities market for security experts is not as lucrative as it used to be but I suspect this will have its own economic shift cycles as information and services of organizations move more into the cloud and SAAS based environments.
Currently there remains a lack of information awareness and a gap (along with a huge divide) among the IT professionals within small and medium scaled organizations (non-profit & for-profit). And more importantly vulnerability research being a part of the CIO's responsibilities and policy making functions; my recommendation here is that information technology directors and CIO actively create policies and conduct periodic penetration and vulnerability testing on all their IT infrastructure systems internal and the ones that they stick in the cloud or out-source, these include but not limited to sql injection tests, malware checking and reporting, social engineering hacks, reverse-engineering of services and products, mobile management of BYOD as wells company supplied and routine network testings.
Create policies that aim for zero-day vulnerabilities in such a way that annually (or every two years) an IT auditing firm's view point is gathered and incorporated in the discussions of strategic planning with senior management.
Thoughts,
Sam Kurien
Subscribe to:
Post Comments (Atom)
-
Love the industrial design concept of this car and its video presentation by Italian designer Tiago Miguel Inacio MITHOS - ELECTROMAGNETI...
-
I feel IT Governance is the most an important function under the umbrella of the CIO. Since Technology Governance is a overarching organizat...
-
For a last few months I have been baffled with the idea of a integrative thinking before I realized that "hey there are entire theories...
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.