Abstract :
Most organizations manage computer security risk reactively by investing in technologies designed to protect against known system vulnerabilities and monitor intrusions as they occur. However, firewalls, cryptography, and antivirus protection address the symptoms, not the root cause, of most security problems. Buying and maintaining a firewall, for example, is ineffective if external users can access remotely exploitable Internet-enabled applications through it. Because hackers attack software, improving computer security depends on proactively managing risks associated with software and software development. The current "penetrate and patch" approach of fixing broken software only after it has been compromised is insufficient to control the problem
Keywords :
risk management; security of data; software development management; antivirus protection; broken software; computer security; computer security risk; cryptography; firewalls; hackers; intrusion monitoring; penetrate and patch approach; remotely exploitable Internet-enabled applications; security problems; software development management; software security risk management; system vulnerabilities; Application software; Computer hacking; Computer security; Computerized monitoring; Cryptography; Internet; Protection; Remote monitoring; Risk management; Technology management;
