Error 404--Not Found |
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:10.4.5 404 Not FoundThe server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. |
| Let's move into a couple of security questions. First, what is the biggest security related problem that you face? Grim: Security is basically a part of our core brand. And as a business leader, we don't mess around with that at American Express because if we have any security breaks, it immediately impacts the power of our brand and the whole image of American Express. But at the same time, we struggle to balance between security and the ease of use for the customer. For instance, when we launched a new online program for managing our core products, we went to 128-bit encryption because that was the emerging standard. But we also understood that most of our customers would not have 128-bit encryption. So we knew the challenge was to get them to upgrade before they could even access our product. The other thing is influencing the partners that we deal with, some of which are pretty small startups that may not have security standards in place. As part of our criteria and review, we do a very thorough analysis of their security standards, because their product and development touches our product and our brands. Quinn: In healthcare, the bigger issue is not just security but the concept of what constitutes privacy confidentiality. That is an extreme hot potato in the government right now, trying to define that between the Executive Branch and Department of Health and Human Services and Congress. Grim: At American Express, we've taken the stand that we want to develop very strong security and privacy on the Internet, so that someone else doesn't do it for us. And I think the industry overall is really looking at it from that perspective. At a lot of companies, maybe yours aren't among them, it's tough for IS professionals to get the money they need to fund security related projects. So how do you put together a strong business case to get this funding? Grim: In our industry it's not necessarily an under-funding that's the challenge. It's actually making sure that, as we develop new [online initiatives], we invite the security team in at the get-go, so we understand what the requirements are and they're integrated throughout the entire development, integration and implementation process. That's where I've seen failure at points -- not because security is under-funded, it just wasn't considered in the beginning. Quinn: I would have to second that. In healthcare we have problems where if a system doesn't have some way of non-repudiating the source of a document, then by the time we get to the e-commerce messaging, business-to-business back end, we're hard pressed to establish the security of the document. We need the emphasis put on at the beginning of the data gathering process so that we have the information necessary to apply the security standards. | |
 
|
|
Responsible for insuring the safety of your network?
NWFusion offers two FREE security e-mail newsletters to help you keep your enterprise network
secure.
Click here to sign-up.
Click here to sign-up.
Three free and easy ways to bring Network World's in-depth editorial content to your own Web site.
Learn more
Learn more