there is an interesting report on the increase in data breaches reported in the UK.
A lot of this increase may simply a change in legislation that has made reporting a statutory obligation.
Some questions to ask yourself:
- Are server logs checked for untoward activity?
- Do you have a reporting policy if something is amiss?
- Did you design security in for the start of your application design?
- Do you log for example failed logons?
- Do you run tools to check for code integrity?
- Is my defense, a strategy of defense in depth?
- Do you realise that 60% of hack attacks are internal?
Whilst SQL Injection is a problem that affects practically all application code platforms, within Microsoft Applications do you run FXCOP? Do you run any of the other free tools for checking?