UNIVERSITY of GLASGOW

Computing at Glasgow University
 
Paper ID: 8508
DCS Tech Report Number: TR-2007-242

Web Survey Technical Report
Glisson,W.B. Welland,R.C.

Publication Type: Tech Report (internal)
Appeared in: DCS Technical Report Series
Page Numbers : 27
Publisher: Dept of Computing Science, University of Glasgow
Year: 2007
Abstract:

The reality is that security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. During June and July of 2005, a web survey was hosted at the University of Glasgow to determine how security is realistically perceived and implemented in industry during Web application development. There were fifty-three valid respondents to the survey. The respondent’s titles indicated that the survey involved a range of qualified participants. The participant work experience was predominately from small organizations but the overall numbers did distribute across seven categories of organizational sizes.

Survey analysis indicates that before you can effectively address the security needs of a business there are essential elements that need to be acknowledged, addressed and resolved. These elements identified below are derived from empirical evidence based on the Web survey and supporting literature.

  1. Web Application Development Methodology
  2. Web Security Development Process Definition
  3. End-Users Feed Back
  4. Implement & Test Disaster Recovery Plans
  5. Job Related Impact

The basic principle is that there appears to be fundamental issues with industrial Web Application development that need to be addressed. The elements identified in this survey warrant additional research. Hence, the list is neither exhaustive nor conclusive and the elements are not mandatory for an organization to function. However, their presence will potentially improve the results of a Security Improvement Initiatives (SII) and/or provide a less resistant path to SII identified areas that need improvement. This information can also be used to identify problem areas in SII’s that are currently under construction.


PDF Bibtex entry Endnote XML