Download as PDF - Secunet
News in Brief
HACKERSTORY #2
Budget and Production Pressures as Risk Factors
In many companies, security has become an integral part
of the production process. In the course of penetration tests,
secunet nonetheless continues to identify critical vulnerabilities
in internal systems that threaten the organisation’s
security and, in the worst-case scenario, its most vital
functions.
In subsequent discussions with the relevant system administrators,
it will usually transpire that the vulnerabilities
have already been recognised, though not necessarily their
potential impact. These vulnerabilities are consciously
accepted, since the affected system is directly involved in
critical business processes and not every company has a
sophisticated staging process whereby changes can be
tested on multiple pre-production systems. The decision-makers
are confronted with a dilemma: in order to increase
system security, a temporary reduction in functionality has
to be accepted. Subsequent corrective measures – if at all
feasible – result in correspondingly high costs. Yet failure to
take the necessary action could ultimately lead to substantially
higher costs.
The results were then presented in the form of a detailed
report, with measures identified for optimisation then being
implemented within a short time by the specialist departments
of Flughafen Düsseldorf GmbH and its service providers.
At the same time, the company used the project to
introduce new mandatory security standards at all levels.
Flughafen Düsseldorf GmbH has expressed its intention to
call on secunet’s anti-hacking expertise in future.
However, if IT security teams are involved at the planning
phase of a new application, these problems can at least be
minimised. If, at an early stage, IT security is considered
of equal importance to functionality, this can obviate the
need for complex re-designs or bug fixing in the finished
product.
More information:
Dirk Reimers
dirk.reimers@secunet.com
More information:
Christian Reichardt
christian.reichardt@secunet.com
IN THE NEXT ISSUE:
The Trojan Mouse
1 | 2013 « 09