|
|
Security Basics
protecting web apps for governaments Jun 19 2012 03:23PM marco cohen (marcocohen2 gmail com) (3 replies) Re: protecting web apps for governaments Jun 20 2012 04:30AM Vedantam Sekhar (vedantamsekhar gmail com) RE: protecting web apps for governaments Jun 19 2012 04:58PM Miguel Gracia (mgracia grayhairsoftware com) (4 replies) RE: protecting web apps for governaments Jun 19 2012 05:59PM Dan Lynch (DLynch placer ca gov) (2 replies) Re: protecting web apps for governaments Jun 19 2012 08:49PM Shane Anglin (shane anglin gmail com) (1 replies) Re: protecting web apps for governaments Jun 19 2012 05:26PM Computer Sevice Teeuwen \(Roy\) (roy csteeuwen nl) Re: protecting web apps for governaments Jun 19 2012 05:22PM Rob (synja synfulvisions com) (1 replies) RE: protecting web apps for governaments Jun 19 2012 05:28PM Miguel Gracia (mgracia grayhairsoftware com) (1 replies) Re: protecting web apps for governaments Jun 19 2012 05:48PM Rob (synja synfulvisions com) (1 replies) RE: protecting web apps for governaments Jun 19 2012 06:00PM Miguel Gracia (mgracia grayhairsoftware com) |
|
Privacy Statement |
Also what governance are they required to follow? This will also drive your needs. I. E ISO27001
Just remember that the most expensive thing that will be lost with a breach is their reputation and it is hard to put $$$$ on that.
What you stated as your annual audit list would be considered minimum controls on a government website that may hold classified or confidential data.
Also keep in mind that if these are in a virtual environment you have other controls to consider too.
Cathryn Olds. Msisa
IT Security Administrator
Sent from my iPad
On Jun 19, 2012, at 2:39 PM, "Shane Anglin" <shane.anglin (at) gmail (dot) com [email concealed]> wrote:
> And, ask yourself who is projecting the costs associated with data loss? If it's your personal data the govt/business is protecting and they attribute the cost of loss as one year of free credit reporting, their cost assessment isn't the best measure in my book.
>
>
> Regards,
> Shane Anglin
>
>
>
> On Jun 19, 2012, at 12:59 PM, Dan Lynch <DLynch (at) placer.ca (dot) gov [email concealed]> wrote:
>
>>> From: Miguel Gracia
>>> Sent: Tuesday, June 19, 2012 9:58 AM
>>> To: marco cohen; security-basics (at) securityfocus (dot) com [email concealed]
>>> Subject: RE: protecting web apps for governaments
>>>
>>> There is no such thing as too much protection. If the company
>>> feels comfortable with this and thus requests nothing less,
>>> then it is worth having. From a technical standpoint, it may
>>> be overkill but it may be a requirement depending on audits
>>> done on the company and/or web apps.
>>
>>
>> Protecting $100 worth of data with $101 worth of mitigation is too much protection. Any security measures you implement MUST be justified by the value of the data, and the cost of loss and recovery.
>>
>> Granted, this is difficult in a government environment, where you can't calculate losses in terms of sales and revenue. You end up with management and elected officals calculating the cost against the near-infinite value of their careers, reputations, and egos.
>>
>> Good luck.
>>
>>
>> Dan Lynch, CISSP
>> Information Technology Analyst
>> County of Placer
>> Auburn, CA
>>
>> ------------------------------------------------------------------------
>> Securing Apache Web Server with thawte Digital Certificate
>> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>>
>> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
>> ------------------------------------------------------------------------
>>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------
[ reply ]