<rss version="2.0" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/">
    <channel>
        <title>Business Analyst Community &amp; Resources | Modern Analyst</title> 
        <link>https://modernanalyst.com</link> 
        <description>RSS feeds for Business Analyst Community &amp; Resources | Modern Analyst</description> 
        <ttl>60</ttl> <item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7124/The-Role-of-Business-Analysts-in-Developing-a-Zero-Trust-Security-Framework.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=7124</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=7124&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>The Role of Business Analysts in Developing a Zero Trust Security Framework</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7124/The-Role-of-Business-Analysts-in-Developing-a-Zero-Trust-Security-Framework.aspx</link> 
    <description>This transition from “trust but verify” to “never trust and always verify” is a completely new way of thinking about the architecture of cybersecurity. At the heart of this change is the role of the Business Analyst (BA), who, given their role, bridges the gap between business requirements and technical implementation, making them indispensable in developing and deploying effective Zero Trust strategies.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Mon, 22 Dec 2025 00:22:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:7124</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7060/Balancing-Usability-and-Security-Challenges-for-Business-Analysts.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=7060</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=7060&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Balancing Usability and Security: Challenges for Business Analysts</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7060/Balancing-Usability-and-Security-Challenges-for-Business-Analysts.aspx</link> 
    <description>Striking a balance between usability and security is a challenging yet crucial responsibility for business analysts, demanding a blend of technical expertise, empathy, and strategic insight. By comprehending trade-offs, catering to stakeholder requirements, and adopting proactive measures, business analysts can develop systems that are both user-friendly and robust. As technologies such as AI and IoT progress, maintaining this equilibrium becomes increasingly vital, with AI-powered anomaly detection tools offering innovative ways to bolster security without compromising on usability. Successful business analysts will view this not as a zero-sum situation but as a chance to create systems that promote business success in a secure and accessible digital environment.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Mon, 20 Oct 2025 00:16:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:7060</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7042/From-Least-Privilege-to-Adaptive-Privilege-BAs-Role-in-Dynamic-Access-Control.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=7042</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=7042&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>From Least Privilege to Adaptive Privilege: BA&#39;s Role in Dynamic Access Control</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7042/From-Least-Privilege-to-Adaptive-Privilege-BAs-Role-in-Dynamic-Access-Control.aspx</link> 
    <description>Business analysts (BAs) are presented with emerging opportunities and responsibilities: a chance to bridge business needs, influence technical design, and provide governance requirements. This in turn enables BAs to define, validate, and guide the transition to adaptive access control.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Sun, 28 Sep 2025 04:27:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:7042</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7010/The-Critical-Role-of-Business-Analysts-in-Strengthening-Information-Security.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=7010</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=7010&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>The Critical Role of Business Analysts in Strengthening Information Security</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/7010/The-Critical-Role-of-Business-Analysts-in-Strengthening-Information-Security.aspx</link> 
    <description>In today’s hyper-connected world, information security is no longer just the domain of IT specialists and cybersecurity professionals. As organizations face an ever-evolving landscape of cyber threats, the role of the Business Analyst (BA) has become increasingly vital in safeguarding sensitive data, ensuring regulatory compliance, and embedding security into the very fabric of business operations. Business Analysts are uniquely positioned at the intersection of business objectives and technical solutions, making them indispensable allies in the fight to protect organizational assets.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Sun, 31 Aug 2025 04:34:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:7010</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6867/Security-Debt-Starts-at-Discovery-Embedding-Risk-into-Process-Mapping.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=6867</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=6867&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Security Debt Starts at Discovery: Embedding Risk into Process Mapping</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6867/Security-Debt-Starts-at-Discovery-Embedding-Risk-into-Process-Mapping.aspx</link> 
    <description>This article discusses how the discovery process must shift from a merely functional exploration to one that includes a structured view of risk. By including security considerations in process mapping from the start, businesses may prevent the accumulation of security debt and design systems that are both robust and compliant.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Wed, 18 Jun 2025 04:32:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:6867</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6751/Designing-with-Least-Privilege-A-BAs-Guide-to-Role-and-Access-Modeling.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=6751</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=6751&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Designing with Least Privilege: A BA’s Guide to Role and Access Modeling.</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6751/Designing-with-Least-Privilege-A-BAs-Guide-to-Role-and-Access-Modeling.aspx</link> 
    <description>Integrating least privilege into business analysis is critical for developing secure, well-governed systems. When role modeling is handled early, business analysts help reduce unnecessary access, reduce compliance gaps, and improve operational efficiency throughout the organization. Analysts can make substantial contributions to access governance throughout the system lifecycle by leveraging tools like CRUD matrices, role-function overlays, and access review templates. Access modeling, when it is used as part of core business analysis, improves audit readiness, enhances regulatory compliance, and reduces the risk of privilege misuse before it becomes a major issue.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Sun, 18 May 2025 22:39:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:6751</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6688/Threat-Modelling-for-Business-Analysts-Security-Considerations-Within-Business-Processes.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=6688</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=6688&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Threat Modelling for Business Analysts: Security Considerations Within Business Processes</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6688/Threat-Modelling-for-Business-Analysts-Security-Considerations-Within-Business-Processes.aspx</link> 
    <description>Business analysts (BAs) are critical in ensuring that security issues are factored into business processes as early as possible. One of the best methods for eliminating security risks is threat modelling. It is also one of the best strategies for reducing the risks that arise in the course of a company's systems operations.

By and large, threat modelling is an effective methodology that analysts can apply to address security risks within business processes. With this technique, BAs can work more effectively with security and development teams to ensure that processes are secure, compliant and well designed.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Mon, 24 Feb 2025 02:31:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:6688</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6653/Measuring-Incident-Response-Effectiveness-Key-Metrics-and-KPIs-for-Business-Analysts.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=6653</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=6653&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Measuring Incident Response Effectiveness: Key Metrics and KPIs for Business Analysts</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/6653/Measuring-Incident-Response-Effectiveness-Key-Metrics-and-KPIs-for-Business-Analysts.aspx</link> 
    <description>Imagine you have just led a successful incident response effort, restoring order after a critical cyberattack. Systems are back online, data is secured, and the team breathes a sigh of relief. But the question lingers: how do you know if your response was truly effective? This is where metrics and key performance indicators (KPIs) come in, and business analysts play a vital role in defining them. Metrics and KPIs help organizations assess how well they manage and mitigate cybersecurity incidents. For business analysts, identifying the right KPIs for incident response is essential not only for evaluating current processes but also for driving improvements. Let's explore how BAs can create a powerful set of KPIs to gauge incident response effectiveness and ultimately enhance business resilience.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Sun, 29 Dec 2024 22:43:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:6653</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/5776/Employee-surveillance-the-latest-command-and-control-disease.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=5776</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=5776&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Employee surveillance: the latest command-and-control disease</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/5776/Employee-surveillance-the-latest-command-and-control-disease.aspx</link> 
    <description>With the massive shift to working from home we now see a plethora of tech companies flogging new employee surveillance tools. You can readily see their appeal to command-and-control thinkers. If you think, as they do, that managing employee activity is crucial, then to know who’s doing things and who’s taking the mickey is grist to their mill. But these tools will undermine performance and morale.

Think about it from the employee’s point of view. Your boss can see your emails, any documents you read or create, your appointments, who you talk to, and when; can listen to or read transcriptions of your calls. Your boss can see your computer screen, can monitor your internet use, the sites you visit and for how long. Your boss can even turn on your camera and watch you at work.
</description> 
    <dc:creator>Transform VA</dc:creator> 
    <pubDate>Sun, 18 Jul 2021 04:35:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:5776</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/5249/How-to-Improve-Cyber-Security-with-Enterprise-Architecture.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=5249</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=5249&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>How to Improve Cyber Security with Enterprise Architecture</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/5249/How-to-Improve-Cyber-Security-with-Enterprise-Architecture.aspx</link> 
    <description>
Personally, I believe the best approach to enterprise risk and security management (ERSM) is to rely on several open standards, most notably the ArchiMate standard for enterprise architecture modeling, as well as the Open FAIR standard for information risk management. More details are described in The Open Group’s white paper on modeling enterprise risk management and security.</description> 
    <dc:creator>Transform VA</dc:creator> 
    <pubDate>Sun, 24 Feb 2019 07:14:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:5249</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/3149/Requirements-for-Devices-Around-Us-Embedded-Systems-Part-2.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=3149</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=3149&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Requirements for Devices Around Us: Embedded Systems, Part 2</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/3149/Requirements-for-Devices-Around-Us-Embedded-Systems-Part-2.aspx</link> 
    <description>In this article we look at some quality attributes that are particularly vital to explore when specifying requirements for embedded systems projects. Quality attributes for embedded systems can be much more complex and intertwined than those for other applications. Business software is generally used in an office where there’s not much variance in the environment. In contrast, the operating environment for embedded systems could involve temperature extremes, vibration, shock, and other factors that dictate specific quality considerations.</description> 
    <dc:creator>Transform VA</dc:creator> 
    <pubDate>Mon, 23 Oct 2017 00:43:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:3149</guid> 
    <enclosure url="https://modernanalyst.com:443/Portals/0/Public%20Uploads%205/1_Embedded-Systems-Requirements-Fotolia_80228567_XS.jpg" length="18953" type="image/jpeg" />
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/3807/Security-Requirements-Engineering.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=3807</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=3807&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Security Requirements Engineering</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/3807/Security-Requirements-Engineering.aspx</link> 
    <description>When security requirements are considered at all during the system life cycle, they tend to be general lists of security features such as password protection, firewalls, virus detection tools, and the like. These are, in fact, not security requirements at all but rather implementation mechanisms that are intended to satisfy unstated requirements, such as authenticated access. As a result, security requirements that are specific to the system and that provide for protection of essential services and assets are often neglected. In addition, the attacker perspective is not considered, with the result that security requirements, when they exist, are likely to be incomplete. We believe that a systematic approach to security requirements engineering will help to avoid the problem of generic lists of features and to take into account the attacker perspective. Several approaches to security requirements engineering are described here and references are provided for additional material that can help you ensure that your products effectively meet security requirements.</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Mon, 17 Jul 2017 12:19:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:3807</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/2181/Building-the-Security-Model-with-Use-Case-and-Class-Models.aspx#Comments</comments> 
    <slash:comments>2</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=2181</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=2181&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Building the Security Model with Use Case and Class Models</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/2181/Building-the-Security-Model-with-Use-Case-and-Class-Models.aspx</link> 
    <description>In writing a business requirements document (BRD), the business analyst needs to document who can access the solution (assuming software) and what data can be created, updated, read, and deleted (CRUD). In other words, a security model from which a security analyst can build access profiles with the appropriate privileges. This article provides the business analyst a method for documenting a security model in the BRD based on information extracted from Use Case and Class models.</description> 
    <dc:creator>Transform VA</dc:creator> 
    <pubDate>Mon, 11 Jun 2012 05:05:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:2181</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/849/10-Information-Resources-a-Business-Analyst-can-get-from-a-Security-Analyst.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=849</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=849&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>10 Information Resources a Business Analyst can get from a Security Analyst</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/849/10-Information-Resources-a-Business-Analyst-can-get-from-a-Security-Analyst.aspx</link> 
    <description>The reason is simple: anyone involved in Information Security needs a detailed understanding around how things work; where the dependencies are, the inner workings of programs and applications, who has administrative control over sensitive information, where the information is being stored, and how clients and programs interact with the data.

Performing threat risk assessments (TRA) involves an intimate understanding of a solution or service. This means everything from the pretty UI right down to the bits of code your development team scribed to make it look that way.

The only way to understand these systems is via detailed communication with stakeholders, architects, business analysts, systems and network administrators, executives, clients and their technical resources, board members, vendors, ISPs, and the list goes on.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Sat, 07 Mar 2009 08:56:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:849</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/625/Lessons-Learned-Share-Them.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=625</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=625&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Lessons Learned: Share Them!</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/625/Lessons-Learned-Share-Them.aspx</link> 
    <description>Here we are, the end of another year, and the question I ask always is, what have we learned? 

If we are not learning something, be it from a success or a failure, or something in-between, then how can we move forward?
Information security is something that needs to continuously improve and refine itself, otherwise it will fall behind the curve of those that choose a different avenue to your beloved data store. 

A tool that information security practitioners often use, especially after a security incident like a virus outbreak or full out attack, is holding a “Lessons Learned” meeting. 

The core concept is to be able to take something away from the incident, no matter how big or small, so that the next encounter of a similar kind does not have the same result as the first. 
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Sat, 06 Dec 2008 08:00:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:625</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/603/Getting-up-to-Speed-on-Threat-Risk-Assessment-Finding-Reports.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=603</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=603&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Getting up to Speed on Threat Risk Assessment Finding Reports</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/603/Getting-up-to-Speed-on-Threat-Risk-Assessment-Finding-Reports.aspx</link> 
    <description>It’s Monday morning and, as you arrive at your desk, you know that it is going to be a busy day. The new portal project is going to be promoted into production in a couple of weeks and there are still a few items to clear up.

As you fire up your e-mail client and take the first sip of coffee, your shoulders start to tense up. The subject line of one of your e-mails reads “Threat Risk Assessment Finding Report” and it is marked important.

This is not the way you wanted to start the week, but you remember the report was due on Friday, the day you decided to “call in sick”.

As you open the message, realizing you can no longer avoid it, you cross your fingers hoping it won’t be too bad.

Then you remember why you hate these reports so much: they are confusing and seem overly alarming in their findings.

Critical, Severe, High, Medium and Important findings all over the place, red, orange and yellow screaming in your face, reams and reams of technical output, patches missing, vulnerabilities exposed, buffer overflows, exploitations amok, privilege escalations, and on and on. Oh, your head hurts now.

Where do you begin? What’s important, and how much is this going to push the timeline back? You know the launch is in two weeks and there are functional issues that need to be addressed; there is no time to deal with all this! 
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Sun, 09 Nov 2008 08:00:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:603</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/574/Security-Tool-Chest-Checklists.aspx#Comments</comments> 
    <slash:comments>1</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=574</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=574&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Security Tool Chest: Checklists</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/574/Security-Tool-Chest-Checklists.aspx</link> 
    <description>Every career has a set of skills that one needs to do their job, and a set of tools to carry out the various tasks required to display their skills. The same is the case for the analyst involved in security assessment... I have chosen the almighty checklist as my tool of choice for this article.
</description> 
    <dc:creator>cadams5</dc:creator> 
    <pubDate>Sun, 05 Oct 2008 07:00:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:574</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/506/Security-is-Everyones-Responsibility.aspx#Comments</comments> 
    <slash:comments>2</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=506</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=506&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Security is Everyone’s Responsibility</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/506/Security-is-Everyones-Responsibility.aspx</link> 
    <description>As business professionals, we need to understand that security is everyone’s responsibility; and that is especially true for business analysts, project managers, systems analysts, and others in the position of defining processes, technical architecture, or decision support.

If you are involved in a project that deals with information business assets, then you need to be thinking about the confidentiality and integrity of those assets throughout your project.

There are questions you need to be asking yourself, as well as others on the project, to better understand the security implications of a particular process, technology, or design element of that project.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Tue, 12 Aug 2008 02:00:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:506</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/482/The-Security-Lifecycle.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=482</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=482&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>The Security Lifecycle</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/482/The-Security-Lifecycle.aspx</link> 
    <description>In my last column I introduced you to the role of a typical security analyst, and explained that security is a part of the business lifecycle. In this column, I will dive into that concept, and I will highlight some of the areas a security analyst might play in determining the risk to an asset throughout its life span. 

So what is a &amp;lsquo;lifecycle&amp;rsquo; in business terms? There are many definitions, and if you ask any modern analyst you will get their own tweaked version of that answer. For our sake, let&amp;rsquo;s say a lifecycle is the cycle of life of a business asset from birth through to an end stage.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Tue, 08 Jul 2008 02:15:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:482</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/437/Insert-Security-Here-.aspx#Comments</comments> 
    <slash:comments>1</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=437</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=437&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>Insert Security Here -&gt;</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/437/Insert-Security-Here-.aspx</link> 
    <description>That unfamiliar voice at the table was an IT Security Analyst, facing a common challenge in the modern day business, getting the project implemented, while ensuring the right security controls are in place. 

Where a Business Analyst typically looks at requirements for a project to meet the objectives of the business, or a Systems Analyst looks at the needs of the technology to enable the business to meet the objective, a Security Analyst has to look at the dream.&amp;nbsp;The &amp;ldquo;dream&amp;rdquo; encompasses &amp;ldquo;we would like to make money&amp;rdquo; to &amp;ldquo;we are opening up this firewall port&amp;rdquo; and everything in between.

The overall goal of the Security Analyst is finding and mitigating risk to the business, the business&amp;rsquo;s assets, and the technology infrastructure, both current and future.&amp;nbsp;We need to take in an insane number of factors about a project and calculate threats, vulnerabilities, and the likelihood of exploitation of these.&amp;nbsp;Mix in a little gut feeling based on experience, and inform the business that what they want to do may introduce or magnify risk to their organization.
</description> 
    <dc:creator>adrian</dc:creator> 
    <pubDate>Mon, 09 Jun 2008 00:00:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:437</guid> 
    
</item>
<item>
    <comments>https://modernanalyst.com/Resources/Articles/tabid/115/ID/443/How-vulnerable-are-you-A-crash-course-in-software-security.aspx#Comments</comments> 
    <slash:comments>0</slash:comments> 
    <wfw:commentRss>https://modernanalyst.com/DesktopModules/DnnForge%20-%20NewsArticles/RssComments.aspx?TabID=115&amp;ModuleID=572&amp;ArticleID=443</wfw:commentRss> 
    <trackback:ping>https://modernanalyst.com:443/DesktopModules/DnnForge%20-%20NewsArticles/Tracking/Trackback.aspx?ArticleID=443&amp;PortalID=0&amp;TabID=115</trackback:ping> 
    <title>How vulnerable are you? A crash course in software security</title> 
    <link>https://modernanalyst.com/Resources/Articles/tabid/115/ID/443/How-vulnerable-are-you-A-crash-course-in-software-security.aspx</link> 
    <description>Software security remains a hot topic. Everyone from grandmothers to Fortune 500 companies has heard the stories of identity theft, data loss, and general mayhem caused by viruses and attackers on the Internet. In the first quarter of 2008 alone, 1,474 different software vulnerabilities were reported with only 64 of them having posted solutions. That&#39;s a resolution rate of about 4%. With all the buzz about software and system security, the computer world may seem to be in total chaos, leading many to ask, &quot;How vulnerable am I?&quot; 

In this article I present some of the results of a recent security project at Worcester Polytechnic Institute (WPI), along with additional research. My intention is to demonstrate what software security is by demystifying common terminology and providing realistic examples of typical security exploits. 

This article is not intended to provide a comprehensive computer security education, but rather to serve as an introduction to some of the key topics in the vast and expanding field of information security.
Author: Bob Breznak</description> 
    <dc:creator>host</dc:creator> 
    <pubDate>Thu, 15 May 2008 06:04:00 GMT</pubDate> 
    <guid isPermaLink="false">f1397696-738c-4295-afcd-943feb885714:443</guid> 
    
</item>

    </channel>
</rss>