White Hat Security expert Jeremiah Grossman: Web security standards available are inadequate for accomplishing task. He says CIOs and CSOs are facing a need for a mature risk-based enterprise website security strategy. A strategy that perhaps begins by addressing the most common question, Where do I start? One simple answer is to locate, value, and prioritize an organization s websites. Describe the most likely threats (attackers), their capabilities, motives and which vulnerability classes are most likely to be targeted.
Source: https://threatpost.com/web-site-security-needs-strategy-032609/72460/