|During this monthly professional development session Brad Ellis will address a commonly asked question – “Is our website secure ?”
While on the surface, this may seem like a simple question, where the answer is expected to be yes or no; more often than not, the answer is “It depends !”.
In order to inform the response to “Is our website secure enough ?”; Brad recommends an architectural approach as this assists in making sure that your business’s needs are identified and implemented; that risks are identified and managed to acceptable levels.
This approach is recommended as every organisation’s website is different, as they support a diverse range of business needs and functions; have multiple internal stakeholders, suppliers, 3rd party code and analytics engines and have thousands of configuration items.
It is important to keep in mind that websites offer the public significant insight into a wide range of your organisation’s security capabilities and processes; and security analysis techniques like passive analysis can discover good and bad practices.