Blog Archives

Road Map for an Application/Software Security Architect (Part 5)

April 9, 2010
By admin

Without a Digital Identity, how would you expect to do any authentication? And with an incomplete Digital Identity, how would you expect to get the authorization done correctly? Without the proper data model and the expectation that it would have the correct data (besides being in the right place at the right time), securing...

Read more »

Road Map for an Application/Software Security Architect (Part 4)

April 9, 2010
By admin

Planning your application’s use of the digital identity is not an after-thought of system architecture. At the least, it might offer the occasional lack of reliable and conflicting information. At the worst, it provides little, if no protection, at all. And like the proverbial little dutch boy, you will be putting fingers in the...

Read more »

Road Map for an Application/Software Security Architect (Part 3)

April 9, 2010
By admin

Risk assessments for application software is not a matter of a quick penetration test nor a matter of code reviews at a single point in time. It is a process of moving through the application/solution’s Software Development Life Cycle (SDLC) and evaluating the results of the controls that are put in place at each...

Read more »

Road Map for an Application/Software Security Architect (Part 2)

April 9, 2010
By admin

Vulnerability testing at the acceptance stage of an application’s Software Development Life Cycle (SDLC) will not compensate for the lack of an understanding of what is being done during the software development even though you may not have control over the development efforts. You need a plan that puts those controls in place and...

Read more »

Road Map for an Application/Software Security Architect (Part 1)

April 9, 2010
By admin

With the level of security concerns about security, it is interesting that there is not more concern with a holistic focus on application security. Numerous articles are citing chilling statistics about security breaches, with the majority (some use the figure of 80%) being related to applications. It is not for lack of information as...

Read more »

CionSystems Releases New Version of its Active Directory Manager Pro

January 13, 2010
By admin

We released the newest version of its application, Active Directory Manager Pro, which works with Microsoft Windows ServerĀ® 2008 R2 to offer customers enhanced security, as well as innovative user interface features and reliability improvements. The Active Directory Manager Pro is an affordable and comprehensive web-based application that greatly improves and automates User Provisioning,...

Read more »

Removing Windows SharePoint Services 3.0

December 2, 2009
By admin

As Sharepoint becomes mainstream, sometimes is nice to remember the little things. Recently we had a case where we had to do just that. We removed Sharepoint Services 3.0 and reinstaled it, only to notice the same info on the webpage. We did a little digging and came across an article from Microsoft pointing...

Read more »

CionSystems named Startup of the Day by Microsoft

July 17, 2009
By admin

CionSystems has been selected as a 2009 Microsoft Startup of the Day. The company was chosen out of an international field of startups as delivering market-leading customer solutions built on Microsoft technology.Ā  Building affordable and secure Active Directory management applications for the Windows infrastructure has been the focus from the beginning. “We are honored...

Read more »

Administrative Security Risks

April 16, 2009
By admin

IT personnel cannot effectively manage their infrastructure without admin-level access. But with gaining this access comes great responsibility. Most companies do not effectively allocate their resources or implement enough technology tools to prevent information security risks. Often enough the response to countless regulations is to concentrate on building controls against external and internal business...

Read more »

Identity and access management

March 21, 2009
By admin

Access control is often discussed as part of identity and access management (IAM). This is a market that has grown during the past few years thanks to more and more organizations wanting to satisfy compliance requirements. Better access control is needed- not just for compliance, but also to address vulnerabilities and safeguard against malicious...

Read more »