The security and privacy concerns associated with software make this an important awareness and training topic, relevant to staff, management and professionals alike.
Applications are all the rage – well, mobile “apps” anyway. Users of iThings and no end of shiny little eToys can’t resist downloading, installing and telling all their friends about those must-have programs. The socialization and naïveté, coupled with hardware platform and operating system limitations, have not escaped the notice of the criminal fraternity, hence malware is hitting mobile devices in a big way.
More conventional software applications are just as important as ever to the organization, and unfortunately many are still insecure. It’s pretty obvious that Web apps need to be highly secure given the hostile environment, and yet for Web hackers, malware and fraudsters, the Internet remains a target-rich environment.
Internal corporate apps are not immune to hackers and fraudsters either, including those on the payroll (insider threats). Aside from the likelihood and impact of deliberate attacks, frauds and malware, organizations also need to deal with incomplete and inaccurate data, application system failures, design flaws, bugs etc., all within an increasingly complex and integrated IT and business context.
Despite studies having shown enormous savings if software is made secure by design, patching has long been an important – if costly and often ineffective – security measure. The awareness module therefore emphasizes the need to make information security part of the DNA for software development and acquisition projects. The development project briefing pack, for instance, is an excellent introduction to securing apps and the process, plus valuable collateral such as security designs - see the final screenshot.
Supplied as a ZIP file containing editable MS Word, PowerPoint and Visio files plus high-res poster images (JPGs).
Application security awareness
Awareness and training materials about integrating information security into the software application development and acquisition lifecycle, and the security aspects of using mobile apps.