The Cost is Going Up

The cost of data breaches continues to climb. Global Payments, which back in the spring reported a data breach
in which information associated with an estimated 1.4 million payment cards was stolen, has revealed that expenses associated
with investigations, fines and remediation have hit $84.4 million, according to Network World.

Could this have been prevented? More and more companies are adopting tools, methodologies and hardware to try to avoid such large data breaches, but they don’t seem to be able to stop them.

Could the solution to this hi-tech security problem be as low-tech as good old checklists?

The Use of Checklists


Checklists are being looked at as very low-tech, rudimentary overhead. Atul Gawande wrote an extensive piece in The New Yorker.
The article is pretty long, but the bottom line is that the use of checklists brought down infection rates for I.C.Us in Michigan by 66%,
and some hospitals, like Sinai-Grace Hospital, cut their quarterly infection rate to zero.

How many expensive tools would have been necessary to achieve the same result?

Could we achieve the same results as healthcare did?

Developers, arguably like nurses in I.C.Us, have many things to do, and the smallest mistake could lead to an infection in the I.C.U or a data breach in the software. Following a simple checklist, carefully designed and customized for each case, could achieve astronomical results, pretty close to what Michigan’s I.C.Us achieved. The software industry also seems to have picked up on the trend, and there is noticeably increased demand from our clients to help them build checklists for the following areas:

  • Software Security Requirements
  • Secure Code Review
  • Writing Secure Code
  • Security Configurations

Building Your Own Checklist:

There are several resources out there that can help you start building checklists for your own organization:

Security tools, training and secure development are always necessary to avoid data breaches, the same as monitoring systems and pulse oximeters are inevitable in the I.C.U. But more monitoring systems and more pulse oximeters are not going to save more lives; a simple checklist did.
