Verizon Business introduced an Application Security Program that takes a risk-based approach to protecting the critical data contained within each application. The program helps understand and identify the potential security threats to their applications, and take steps to protect them. Customers also have the option to pursue a Verizon Cybertrust Application Certification, which verifies that their information-security controls, policies and procedures meet a stringent set of standards.
As shown by Verizon Business’ “2009 Data Breach Investigations Report,” hackers often sneak into and compromise a company’s sensitive data and business systems via insecure applications. Of the 285 million compromised records from the 90 confirmed breaches in 2008 that were examined by the report, 79 percent were compromised via Web applications.
The Verizon Application Security Program comprises three tiers: Baseline, Assess and Certify.
In the first tier of the program, Verizon security experts conduct an initial application-risk assessment, which consists of baseline scanning and reviewing the software development lifecycle of the applications. Verizon determines the types of data consumed by specific applications, which is critical to establishing each application’s risk level, and also determines which applications present the highest risk for the business.
The second tier focuses on high-risk applications. Verizon conducts a full-scale review to assess the criticality and severity of impact to the business if these assets were to be exploited. Typical assessment activities include application vulnerability assessments, penetration testing and security source code reviews.
The third tier offers customers the option of pursing the Verizon Cybertrust Application Certification, which verifies that an organization’s information-security controls, policies and procedures have been examined, measured and validated against a stringent set of Verizon security standards.
Verizon said its certification is rigorous, and renewal requires annual recertification. Certified customers can display and share the Verizon Cybertrust seal with customers, partners and prospects to demonstrate that information security is a top priority for them.
The service is available immediately available in the U.S. and in a number of other countries to large-business customers.
http://www.verizonbusiness.com
http://www.verizonbusiness.com/us/products/security
