LEADER 06606nam 22006135 450
001 9910298992803321
005 20200629171549.0
010 $a3-658-06708-X
024 7 $a10.1007/978-3-658-06708-3
035 $a(CKB)3710000000262088
035 $a(EBL)1965831
035 $a(OCoLC)908084361
035 $a(SSID)ssj0001372366
035 $a(PQKBManifestationID)11883347
035 $a(PQKBTitleCode)TC0001372366
035 $a(PQKBWorkID)11319566
035 $a(PQKB)10121339
035 $a(MiAaPQ)EBC1965831
035 $a(DE-He213)978-3-658-06708-3
035 $a(PPN)182094014
035 $a(EXLCZ)993710000000262088
100 $a20141017d2014 u| 0
101 0 $aeng
135 $aur|n|---|||||
181 $ctxt
182 $cc
183 $acr
200 10$aISSE 2014 Securing Electronic Business Processes$b[electronic resource] $eHighlights of the Information Security Solutions Europe 2014 Conference /$fedited by Helmut Reimer, Norbert Pohlmann, Wolfgang Schneider
205 $a1st ed. 2014.
210 1$aWiesbaden :$cSpringer Fachmedien Wiesbaden :$cImprint: Springer Vieweg,$d2014.
215 $a1 online resource (278 p.)
300 $aDescription based upon print version of record.
311 $a3-658-06707-1
320 $aIncludes bibliographical references and index at the end of each chapter.
327 $a"Contents"; "About this Book"; "TeleTrusT - IT Security Association Germany"; "EEMA"; "SAFECode Whitepaper: Fundamental Practices for Secure Software Development 2nd Edition"; "1 Secure Design Principles"; "1.1 Threat Modeling"; "1.1.1 CWE References"; "1.1.2 Verification"; "1.2 Use Least Privilege"; "1.2.1 CWE References"; "1.2.2 Verification"; "1.3 Implement Sandboxing"; "1.3.1 CWE References"; "1.3.2 Verification"; "2 Secure Coding Practices"; "2.1 Minimize Use of Unsafe String and Buffer Functions"; "2.1.1 Automatic use of safer functions"
327 $a"2.1.2 CWE References"; "2.1.3 Verification"; "2.2 Validate Input and Output to Mitigate Common Vulnerabilities"; "2.2.1 CWE References"; "2.2.2 Verification"; "2.3 Use Robust Integer Operations for Dynamic Memory Allocations and Array Offsets"; "2.3.1 CWE References"; "2.3.2 Verification"; "2.4 Use Anti-Cross Site Scripting (XSS) Libraries"; "2.4.1 CWE References"; "2.4.2 Verification"; "2.5 Use Canonical Data Formats"; "2.5.1 CWE References"; "2.5.2 Verification"; "2.6 Avoid String Concatenation for Dynamic SQL Statements"; "2.6.1 CWE References"
327 $a"2.6.2 Verification"; "2.7 Eliminate Weak Cryptography"; "2.7.1 CWE References"; "2.7.2 Verification"; "2.8 Use Logging and Tracing"; "2.8.1 CWE References"; "2.8.2 Verification"; "3 Testing Recommendations"; "3.1 Determine Attack Surface"; "3.2 Use Appropriate Testing Tools"; "3.3 Perform Fuzz / Robustness Testing"; "3.4 Perform Penetration Testing"; "3.4.1 CWE References"; "3.4.2 Verification"; "4 Technology Recommendations"; "4.1 Use a Current Compiler Toolset"; "4.1.1 CWE References"; "4.1.2 Verification"; "4.2 Use Static Analysis Tools"
327 $a"4.2.1 CWE References"; "4.2.2 Verification"; "5 Summary of Practices"; "6 Moving Industry Forward"; "About SAFECode"; "Security Management, CISO Inside"; "In-House Standardization of Security Measures: Necessity, Benefits and Real-world Obstructions"; "1 Understanding Standardization"; "1.1 In-house motivation"; "1.2 Definition: standards and norms"; "2 Necessity and benefits"; "2.1 Necessity: IT service provisioning"; "2.2 Benefits: quality and cost improvements"; "2.3 CISO specifics"; "3 What can be standardized"; "4 Obstacles and solutions"
327 $a"4.1 Business factors"; "4.2 Security factors"; "4.3 Human factors"; "5 Summary"; "References"; "An Effective Approach for Assessing the Risk of Acquired IT Products"; "1 Software Vulnerabilities and the Laws of Software Assurance"; "1.1 What are Software Vulnerabilities?"; "1.2 What is the Difference between Software Vulnerabilities and Software Errors?"; "1.3 How do we Address Software Vulnerabilities?"; "2 Risk Management"; "2.1 What is the Relationship between Software Vulnerabilities and Risk Management?"
327 $a"2.2 How do Organizations Assess the Risk of Acquired IT Products Today?"
330 $aThis book presents the most interesting talks given at ISSE 2014, the forum for the interdisciplinary discussion of how to adequately secure electronic business processes. The topics include: - Trust Services, eID and Cloud Security - BYOD and Mobile Security - Cybersecurity, Cybercrime, Critical Infrastructures - Security Management, CISO Inside - Privacy, Data Protection, Human Factors - Regulation & Policies. Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect state-of-the-art: best papers of the Conference ISSE 2014. Content: Trust Services, eID, Cloud Security & Management; BYOD, Mobile Security & Applications; Cybersecurity, Cybercrime, Critical Infrastructures; Security Management, CISO's Experiences; Human Factors, Awareness & Privacy; Regulations and Policies. Target Groups: Chief Information Security Officers; Developers of Electronic Business Processes; IT Managers; IT Security Experts; Researchers. Editors: Norbert Pohlmann: Professor for Information Security and Director of the Institute for Internet Security at the Westphalian University of Applied Sciences Gelsenkirchen. Additionally he is president of the IT Security Association TeleTrusT. Helmut Reimer: Senior Consultant, TeleTrusT. Wolfgang Schneider: Senior Adviser, Fraunhofer Institute SIT.
606 $aComputer security
606 $aSystems and Data Security$3https://scigraph.springernature.com/ontologies/product-market-codes/I28060
615 0$aComputer security.
615 14$aSystems and Data Security.
676 $a004
676 $a005.8
702 $aReimer$b Helmut$4edt$4http://id.loc.gov/vocabulary/relators/edt
702 $aPohlmann$b Norbert$4edt$4http://id.loc.gov/vocabulary/relators/edt
702 $aSchneider$b Wolfgang$4edt$4http://id.loc.gov/vocabulary/relators/edt
906 $aBOOK
912 $a9910298992803321
996 $aISSE 2014 Securing Electronic Business Processes$91991480
997 $aUNINA