- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Application Security, Information Assurance's Neglected Stepchild - A Blueprint for Risk Assessment
- Abstract
- In this paper we will focus on how to properly assess the security of application software. When executed correctly and to the appropriate level of detail, an application system audit is an objective evaluation of an organization's ability to prevent, detect and recover from information system failures. Byproducts of that assessment are a set of recommendations to ensure that assets are protected according to company, federal, state and local regulatory policies and a system security plan which is a blueprint for action in the event of system failure that is specifically tailored to the organization's capabilities and limitations.