Methods for developing secure software and environments for small and medium enterprises

Hdl Handle:
http://hdl.handle.net/10547/135317
Title:
Methods for developing secure software and environments for small and medium enterprises
Authors:
Pollonais, Sean
Abstract:
Information Security covers activity concerned with the protection of data to ensure that information remains available, to those with rightful access, in the condition that it was originally stored or transmitted. The push to interact via electronic data is constantly increasing. Businesses are demanding that software designers find novel ways of facilitating electronic commerce, creating new business models that have only become possible with the development of the Internet. With the increase of traffic in information across the Internet, the risks associated with data have multiplied, matching the global growth in connectivity. Web application security deals with the measures taken to secure software built to promote e-commerce. Because it is necessary to accept user input across the Internet, these applications carry a particular set of vulnerabilities that require a more technical approach to their mitigation. The applications themselves are usually composed of modules that interact across trust boundaries, all of which require hardening. Information Security governance controls how a company secures its data and that of its clients. While there are laws and standards that address the security requirement, applying them to all magnitudes of businesses is difficult because the policies are biased towards large organisations in their assumptions of resources. This thesis investigates an international standard that can be used by small businesses to achieve legal compliance and a reasonable level of security. The thesis brings together a method for producing secure web applications and a checklist procedure for improving a company's data protection practices. Both offerings apply to small software production houses where there may be some overlap in role function and the pressure to meet software production deadlines can sometimes lead to a culture where security is seen as an avoidable expense.
Publisher:
University of Bedfordshire
Issue Date:
2007
URI:
http://hdl.handle.net/10547/135317
Type:
Thesis
Language:
en
Description:
A thesis submitted for the degree of Master of Science by Research at the University of Bedfordshire
Appears in Collections:
Masters e-theses

Full metadata record

DC Field | Value | Language
dc.contributor.author | Pollonais, Sean | en
dc.date.accessioned | 2011-07-05T09:07:48Z | -
dc.date.available | 2011-07-05T09:07:48Z | -
dc.date.issued | 2007 | -
dc.identifier.uri | http://hdl.handle.net/10547/135317 | -
dc.description | A thesis submitted for the degree of Master of Science by Research at the University of Bedfordshire | en
dc.language.iso | en | en
dc.publisher | University of Bedfordshire | en
dc.subject | computer security | en
dc.subject | e-commerce | en
dc.subject | Web application security | en
dc.subject | Information Security governance | en
dc.subject | data protection | en
dc.subject | SMEs | en
dc.title | Methods for developing secure software and environments for small and medium enterprises | en
dc.type | Thesis | en
This item is licensed under a Creative Commons License