RE: protecting web apps for governaments

[Dan Lynch <DLynch () placer ca gov>]

> From: Miguel Gracia
> Sent: Tuesday, June 19, 2012 9:58 AM
> To: marco cohen; security-basics () securityfocus com
> Subject: RE: protecting web apps for governaments
>
> There is no such thing as too much protection. If the company 
> feels comfortable with this and thus requests nothing less, 
> then it is worth having. From a technical standpoint, it may 
> be overkill but it may be a requirement depending on audits 
> done on the company and/or web apps.


Protecting $100 worth of data with $101 worth of mitigation is too much protection. Any security measures you implement 
MUST be justified by the value of the data, and the cost of loss and recovery. 

Granted, this is difficult in a government environment, where you can't calculate losses in terms of sales and revenue. 
You end up with management and elected officals calculating the cost against the near-infinite value of their careers, 
reputations, and egos.

Good luck.


Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------