STOCKS TO BUY: We have identified several stocks that can potentially TRIPLE. Learn more!

Awareness There, Policies Lacking: Results Of A New SANS Survey On Application Security Policies In Enterprises

See what Jim Cramer and Stephanie Link are trading today.





BETHESDA, Md., Dec. 5, 2012 /PRNewswire-USNewswire/ -- SANS Institute, a trusted and pervasive source of information security training, announces the results of its first Survey on Application Security Policies in Enterprises.

Sponsored by NT OBJECTives, Qualys, WhiteHat Security and Veracode, the survey reveals that awareness of risk is high across most organizations and that some form of policies are in place among 66% of the survey's nearly 700 respondents.

"This indicates that application security has grown out of its infancy and is becoming incorporated into policy," says SANS Analyst executive editor, Deb Radcliff. "The flip side is that there is that only two percent of survey takers have comprehensive, cradle-to-grave management of their applications."

The survey shows that organizations are managing multiple applications, yet 28% of respondents can't determine what applications are under their management.

Policies also vary for organizations that develop their own applications versus those managing commercial applications: Only 23% comprehensively manage development and lifecycle of applications they develop, and only 33% conduct extensive review of commercial applications prior to putting them into production.

Things get hazier when the discussion moves to outsourced or cloud applications, with only 22% relying on extensive testing and validation prior to production.

"Too many organizations are relying on their service providers and software vendors to 'do the right thing' when it comes to application security. This isn't enough," says SANS analyst Jim Bird, who coauthored the report. "They have to start taking more responsibility for securing their own software supply chains—especially bigger organizations with enough buying power to force real change on supplier behavior and accountability."

With regard to responsibility for application security, the survey allowed multiple responses. While most respondents put their C-level and managerial level IT and security professionals in charge of application security (83%) and 35% indicate that their development group is responsible. Another 33% said their risk and compliance managers were responsible. This is not surprising, given that, in another question, more than 40% of respondents selected compliance their top driver for their application security programs.

1 2 Last »

Select the service that is right for you!

COMPARE ALL SERVICES
Action Alerts PLUS
TRY IT FREE

Jim Cramer and Stephanie Link actively manage a real portfolio and reveal their money management tactics while giving advanced notice before every trade.

Product Features:
  • $2.5+ million portfolio
  • Large-cap and dividend focus
  • Intraday trade alerts from Cramer
  • Weekly roundups
TheStreet Quant Ratings
TRY IT FREE
New! $49.95/yr

Access the tool that DOMINATES the Russell 2000 and the S&P 500.

Product Features:
  • Buy, hold, or sell recommendations for over 4,300 stocks
  • Unlimited research reports on your favorite stocks
  • A custom stock screener
  • Upgrade/downgrade alerts
Stocks Under $10
TRY IT FREE

David Peltier, uncovers low dollar stocks with extraordinary upside potential that are flying under Wall Street's radar.

Product Features:
  • Model portfolio
  • Stocks trading below $10
  • Intraday trade alerts
  • Weekly roundups
Dividend Stock Advisor
TRY IT FREE

Jim Cramer's protege, David Peltier, identifies the best of breed dividend stocks that will pay a reliable AND significant income stream.

Product Features:
  • Diversified model portfolio of dividend stocks
  • Alerts when market news affect the portfolio
  • Bi-weekly updates with exact steps to take - BUY, HOLD, SELL
Real Money Pro
TRY IT FREE

All of Real Money, plus 15 more of Wall Street's sharpest minds delivering actionable trading ideas, a comprehensive look at the market, and fundamental and technical analysis.

Product Features:
  • Real Money + Doug Kass + 15 more Wall Street Pros
  • Intraday commentary & news
  • Ultra-actionable trading ideas
Options Profits
TRY IT FREE

Our options trading pros provide daily market commentary and over 100 monthly option trading ideas and strategies to help you become a well-seasoned trader.

Product Features:
  • 100+ monthly options trading ideas
  • Actionable options commentary & news
  • Real-time trading community
  • Options TV
To begin commenting right away, you can log in below using your Disqus, Facebook, Twitter, OpenID or Yahoo login credentials. Alternatively, you can post a comment as a "guest" just by entering an email address. Your use of the commenting tool is subject to multiple terms of service/use and privacy policies - see here for more details.
DOW 15,112.19 -206.04 -1.35%
NASDAQ 3,443.20 -38.98 -1.12%
S&P 500 1,628.93 -22.88 -1.39%
US 10 Yr 2.311% +0.129

Brokerage Partners
Advertising Partners
Special Features

Free Newsletters from TheStreet

After the Bell

Before the Bell

Booyah! Newsletter

Midday Bell

TheStreet Top 10 Stories

Winners & Losers

We respect your privacy. Manage Newsletters
Top Rated Stocks Top Rated Funds Top Rated ETFs