Question to Christopher Steel and Ramesh Nagappan on Management

 
Greenhorn
Posts: 2
Hi,

We are moving our application from Client Server (Visual Basic) to Java J2EE. We had for long been advising the management on this. Finally they accepted because they want the customers to get supported through the web. Ours is a privately held company and is very strict on budget. How do you convince the management to allocate more budget to hire good resources for implementing a sound Web security framework and good practices? Does your book cover any of these from a management perspective?

Thanks,
Zafar Azeem.
 
Author
Posts: 159
If you need to justify to your management... then I would recommend reading Chapter 8 - "The Alchemy of Security Design: Security Methodology, Patterns and Reality Checks".

This chapter is posted as a free sample and it is available for download at:
http://www.coresecuritypatterns.com/downloads/CoreSecurityPatterns_Ch8_Steel_Nagappan.pdf

Good luck.

/Ramesh
 
Greenhorn
Posts: 23
Zafar,
Justifying the need for good developers and a solid security framework to management is often hard. It is like selling insurance: you don't need it unless something goes wrong. The best approach is to do a thorough risk analysis and spell out the liability to the company if the application is compromised. Your management then needs to make a business decision as to how much to invest in security based on the liability. By stating quantitatively the risks and liability, you have put the responsibility on your management officially. Most managers who are cognizant of the risks and the fact that it is their responsibility will take the appropriate measures.
 