At http://www.v3.co.uk/v3-uk/news/2201863/uk-data-breaches-rocket-by-1-000-percent-over-past-five-years there is an interesting report on the increase in data breaches reported in the UK.

A lot of this increase may simply a change in legislation that has made reporting a statutory obligation.

Some questions to ask yourself:

• Are server logs checked for untoward activity?
• Do you have a reporting policy if something is amiss?
• Did you design security in for the start of your application design?
• Do you log for example failed logons?
• Do you run tools to check for code integrity?
• Is my defense, a strategy of defense in depth?
• Do you realise that 60% of hack attacks are internal?
  

Whilst SQL Injection is a problem that affects practically all application code platforms, within Microsoft Applications do you run FXCOP? Do you run any of the other free tools for checking?