-
Abstract:
In searching for tools to implement an effective application-security strategy, managers have a choice between two technological
approaches: dynamic analysis and static analysis. Available in a variety of freeware and commercial automated tools, both
approaches promise comprehensive detection of security (...)
Excerpt related to
code audit:
How the Right Mix of Static Analysis and Dynamic Analysis Technologies Can Strengthen Application Security. Source: Secure
Software. ...
Published:
2010-03-11
-
Abstract:
The Depository Trust & Clearing Corporation (DTCC) is the world’s largest financial services post-trade infrastructure organization,
having cleared and settled more than $1.4 quadrillion (USD) worth of securities in 2005. In the highly competitive financial
services industry, the secure processing of t (...)
Excerpt related to
code audit:
Depository Trust and Clearing Corporation (DTCC) Case Study. Source: Secure Software. Document Type: Case Study Description:
The Depository ...
Published:
2010-03-11
-
Abstract:
Application security is an important emerging requirement in software development. This article introduces CLASP, an application
security process and plug-in to IBM's Rational Unified Process environment. It was developed by Secure Software, and gives
organizations a structured way to address security c (...)
Excerpt related to
code audit:
Security in the Software Development Lifecycle. Source: Secure Software. Document Type: White Paper Description: Application
security ...
Published:
2010-03-11
-
Abstract:
Businesses are being held increasingly accountable for their business application security—by customers, partners, and government.
Unfortunately, most businesses are playing catch-up with security. What’s really needed are processes that fix the software
development cycle by weaving security expertis (...)
Excerpt related to
code audit:
Why Application Security Is the New Business Imperative -- and How to Achieve It. Source: Secure Software. Document Type:
White Paper ...
Published:
2010-03-11
-
Abstract:
Whether audit expertise is provided by an internal staff or an independent, outside agency, calling in an audit specialist
is as normal as calling in a kicking specialist in a penalty or field goal situation in football. Particularly when you consider
the majority of an enterprise software implementation (...)
Excerpt related to
code audit:
Whether audit expertise is provided by an internal staff or an independent, outside agency, calling in an audit specialist
is as normal as calling...
Published:
2003-10-21
-
Abstract:
With traffic being the lifeblood of an e-commerce site the Marketing crew knows that the traffic numbers are going to be
audited. And they look to the CIO to make sure that the numbers will pass muster. If there’s a problem with the numbers, the
CIO may be blamed. So it’s important to understand what (...)
Excerpt related to
code audit:
With traffic being the lifeblood of an e-commerce site the Marketing crew knows that the traffic numbers are going to be audited.
And they look to...
Published:
2000-09-14
-
Abstract:
Thanks, in part, to the fallout from the financial scandals of Enron, WorldCom, Tyco and others, the corporate spotlight
is being refocused on the audit function. However, by waiting until systems are live and in production before applying an
audit regimen, you may miss an excellent opportunity to establ (...)
Excerpt related to
code audit:
Thanks, in part, to the fallout from the financial scandals of Enron, WorldCom, Tyco and others, the corporate spotlight is
being refocused on the...
Published:
2003-10-20
-
Abstract:
If enterprise resource planning (ERP) isn't properly implemented to manage risk, your organization may face loss due to fraud
or other hazards. Take advantage of ERP's capacities for role-based security, on both the business and the IT sides of your
processes. (...)
Excerpt related to
code audit:
If enterprise resource planning (ERP) isn't properly implemented to manage risk, your organization may face loss due to
fraud or other hazards. Ta...
Published:
2009-05-06
-
Excerpt related to
code audit:
... Usually, vendors deposit the code with a third-party agent—known as an escrow—which
will release it to the customer if the vendor fails to maintain ... Audit. ...
Published:
2009-06-09
-
Excerpt related to
code audit:
... Rather, an LMS allows you to audit your employees—or at least their behavior ...
been trained and agreed to behave in accordance with a specific code of conduct ...
Published:
2008-06-05
-
Abstract:
Your Challenge: Get Decision Makers' Approval for Compliance Exposures in ERP Systems. Specific, Measurable, Achievable, Relevant
and Time-Bound. This paper examines key issues for CFOs and CEOs in managing ERP systems in the new world of SOX, IFRS, Basle
II. While most IT management attention seems to be (...)
Excerpt related to
code audit:
Your Challenge: Get Decision Makers' Approval for Compliance Exposures in ERP Systems. Specific, Measurable, Achievable,
Relevant and Time-Bound. T...
Published:
2010-03-11
-
Abstract:
In global trade, the flow of information must support the tracking and management of the goods to enable the secure and compliant
entry and exit to and from countries for the correct funds to flow to eligible business and trading partners. (...)
Excerpt related to
code audit:
In global trade, the flow of information must support the tracking and management of the goods to enable the secure and compliant
entry and exit t...
Published:
2005-06-16
-
Abstract:
A truly successful data migration project involves not only an understanding of how to migrate the data from a technical
standpoint, but an understanding of how that data will be used and its importance to the operation of the enterprise. (...)
Excerpt related to
code audit:
A truly successful data migration project involves not only an understanding of how to migrate the data from a technical standpoint,
but an unders...
Published:
2008-06-23
-
Abstract:
The Sarbanes-Oxley Act (SOX) requires publicly traded firms to demonstrate that their accounting and reporting practices
are in compliance with regulatory standards. Section 404 of SOX addresses the concept and practice of segregation of duties—a
key aspect of this legislation, and the focus of this ar (...)
Excerpt related to
code audit:
... ensure users have an identifiable security password and user code, which tracks ...
Ensure that transparent audit trails are in place, that management is aware of ...
Published:
2008-08-27
-
Abstract:
HIPAA-Watch for Security is a tool designed to guide organizations through the risk analysis required by the Health Insurance
Portability and Accountability Act (HIPAA) compliance process (US). Relevant Technologies, a leading security research and
advisory firm, evaluated HIPAA-Watch for Security to ver (...)
Excerpt related to
code audit:
... Phase II also encompasses setting up a survey of audit questions and setting up the
different respondents (by job category) who are best apt to be able to ...
Published:
2004-08-27
-
Abstract:
Lawson has unveiled a new standards-based business applications platform designed to increase overall application quality
and improve the product lifecycle experience for current and future Lawson clients. (...)
Excerpt related to
code audit:
Lawson has unveiled a new standards-based business applications platform designed to increase overall application quality
and improve the product ...
Published:
2005-10-07
-
Abstract:
Once the user defines compliance case boundaries and establishes the data criteria in Phases I and II, the HIPAA-Watch for
Security tool begins Phase III by launching the risk analysis engine, and concludes with Phase IV, which generates the report.
Using the HIPAA-Watch for Security tool can help an org (...)
Excerpt related to
code audit:
... the survey questions that exist are certainly on topic and apropos to a HIPAA audit.
... automated so that when you put in your organization's zip code, the LAFE ...
Published:
2004-08-28