· Lack of policy enforcement that can
lead to a lack of defensibility
in the event of an incident or breach.
· Inconsistencies with security
standards that show a lack of cohesiveness across the IT environment.
security technologies that often create a false sense of security.
· Unpreparedness when it comes to
response procedures and addressing the inevitable web-related
· Web vulnerabilities that are
introduced by third-party
vendors/developers or third-party
Web applications are often the most critical systems inside the
organisation. To say that web security deserves better than it often gets is an
From the software developers who write the actual code to
executive management in charge of the security budget, proactive oversight in this
area is something that you don’t want to skimp on. Web security initiatives
ultimately need to be part of your information security program and need to be
discussed and executed via an information security or IT governance committee.
This is a small committee comprised of a diverse group of people both inside
and outside of IT who can ask good questions, come up with reasonable
solutions, and look out for the best interests of the business.