Security Basics mailing list archives

Re: Question regarding the best practices on information security structure within the organization


From: websicher () gmail com
Date: Wed, 29 Jun 2011 10:21:01 GMT

Hi M., 

In my experience, the bigger a company is, the less one takes care of information security (other people 
may have other experiences).

Of course, officially it's always a "big topic", but oftentimes the only result is a large amount of self-defined 
bureaucracy, with no one knowing any details on e.g. the technology of the websites they are assessing.

At least in my experience, only in very rare cases is there a dedicated person / department available with technically 
skilled people who decide which information security precautions are taken.

I've tested various websites in the pharma business, with the result that most of them are medium to highly vulnerable 
to web attacks. Therefore I conclude that IT security and associated processes oftentimes exist on paper, but 
that indeed they aren't "lived actively".

That concerns bigger companies only - maybe others can post their experience with smaller companies or from other 
perspectives.

BR
Pascal
