Survey Results - banking technology executives reveal their institution's application security priorities heading into 2009
In a down economy application security is both a necessity and a competitive differentiator. Yet in a recent BankInfoSecurity.com survey, respondents showed that they had no reason for confidence in either their own applications or those developed or managed by third-party service providers. Register for this webinar to learn:
How banking executives are dealing with risks associated with modern web & core applications;
How to manage both in-house and third-party application security risks;
How to successfully implement a hands-off approach to application security and OCC Bulletin 2008-16.
Over 80% of survey respondents are not at all or just somewhat confident in the general security of applications developed or managed by third-party service providers:
In May, the Office of the Comptroller of the Currency (OCC) issued a new bulletin on application security, reminding banking institutions that they needed to ensure the security of:
Software applications they develop and manage in-house;
Those that are developed and managed by third-party service providers.
The bulletin begged the question: What is the state of application security in banking institutions?
In September, Information Security Media Group (ISMG), publisher of BankInfoSecurity.com and CUinfoSecurity.com, answered that question with a new survey dedicated to the topic of application security. The response:
57% of respondents say they are somewhat or very confident in their own applications;
81% are only somewhat or not at all confident in the security of those applications developed or managed by vendors.
The survey results alone are startling. But add to them the global credit crisis and volatile market conditions, and you find banking institutions that are now faced with application security gaps and scarce financial and human resources. Which begs another question altogether:
How does one build a successful business case for funding application security projects?
In this webinar, we will review the results of the application security survey, which also shows how banking institutions test for and remediate vulnerabilities. Beyond the raw results, a panel of industry experts will discuss what the results mean, offering advice to banking/security leaders looking to make that business case for sound application security investments.
Jennifer Bayuk is an independent consultant on topics of information confidentiality, integrity, and availability. She is engaged in a wide variety of industries with projects ranging from oversight policy and metrics to technical architecture and requirements. Jennifer has a wide variety of experience in virtually every aspect of the Information Security. She was a Chief Information Security Officer, a Security Architect, a Manager of Information Systems Internal Audit, a Big 4 Security Principal Consultant and Auditor, and a Security Software Engineer. Jennifer frequently publishes on information security and audit topics. Jennifer has lectured for organizations that include ISACA, NIST, and CSI. She is certified in Information Systems Audit (CISA), Information Security Management (CISM), Information Systems Security (CISSP), and IT Governance (CGEIT). She has Masters Degrees in Computer Science and Philosophy.
Stephen Walker focuses on key Governance, Risk management, and Compliance (GRC) issues in the market as well as Managed Services and Outsourcing within Aberdeen's Technology Markets group. Stephen holds a B.A. in Economics and Business with a Concentration in Financial Management from the Virginia Military Institute and received his Juris Doctor (JD) from the West Virginia University College of Law.