Main Nav

Hi,

Do you use a web site security scanning service such as McAfee Secure on your public-facing websites? If so:

- Which service(s) do you use?
- Are you happy with them?
- Do they offer a "seal" (little graphic that you display on the site)?
- If they do offer a seal, do you display it? Why or why not (just curious)? 

Years ago there used to be just a few of these services, but now that PCI scanning is big business, there's a gazillion of them and it's tough to separate the wheat from the chaff.

Please note that I am NOT asking about website security scanning software; that's not what we're interested in at the moment.

Thanks,
--Dave 


--

DAVID A. CURRY, CISSP • DIRECTOR OF INFORMATION SECURITY

THE NEW SCHOOL • 55 W. 13TH STREET • NEW YORK, NY 10011

+1 212 229-5300 x4728 • david.curry@newschool.edu


Comments

>Do you use a web site security scanning service such as McAfee Secure on your public-facing websites? If so:

 

- Which service(s) do you use?  --McAfee Secure (ScanAlert “Hacker Safe” prior to acquisition)

- Are you happy with them?   --Mostly.  Cost is reasonable. One-time “on-demand” scans are inexpensive. Web developers know vulnerabilities are likely to be caught, so typically are more careful about checking before publishing. Scans are pretty good at identifying XSS, SQL Injection, SSL/Cert issues, etc., and the reports offer suggested remediation.  When scans detect something, I can simply attach the report and send it to the developer/admin, they can see where the vulnerability is and how to fix it.

- Do they offer a "seal" (little graphic that you display on the site)?   --Yes.

- If they do offer a seal, do you display it? Why or why not (just curious)?    --On some pages/sites.  The service was initially requested by our marketing folks, specifically so they could place the logo on any of our sites where personal/sensitive information is collected.  I was pleasantly surprised to find the scan data is actually useful.

 

___________________________________

Daniel V. O'Callaghan, Jr., MBA, CISSP

Chief Information Security Officer

Sinclair Community College

444 W Third St, 13-000B

Dayton, OH 45402

937.512.2452

 

 

Close
Close


EDUCAUSE Connect
View dates and locations

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.