Journal: International Journal of Computer Science and Management Studies
Electronic ISSN: 2231-5268
Publication year: 2012
Volume: 12
Issue: 2
Publisher: Imperial Foundation
Abstract: A secure web application is the most important requirement for any type of transaction or similar activity. Information security should enable, to the extent possible, a business to take the risks it is prepared to take on, by designing and deploying countermeasures that allow for sensible business risk. Additionally, seemingly small exposures should be dealt with if there is a business case. The role of the security architecture is not to steer the business away from risk, but rather to educate its business partners about the risks they are taking and provide countermeasures that enable the business to take as much risk as suits their goals. This is very important: it is no longer acceptable for enterprise security to function exclusively as an arbiter; security in the enterprise needs architecture and design advocates, and backing at runtime. Security policy and standards are not end goals in themselves; they need to be backed by a governance model that ensures they are in use, and that it is practically possible to build, deploy, and operate systems based on their intent. In practice this means that the security architecture must define reusable security services that allow developers to build a secure system without being security experts.
Keywords: Information Security; Secure Web Application; Security Threats