This is the first of a series of posts describing how to put together a security testing strategy and the associated test plans. Part two is here and part three is here. What is a security test strategy? A security test strategy is a key document deliverable to get into…
Author: Phil
What I need from pen test reports.
I get a lot of pen test reports to read. They vary from beautifully crafted prose extolling the skilled exploitation of the system by security testing artistes to functional dumps of tool output into a Word format by jobbing vulnerability scanners. Usually I read that report once, I use the…
Infosec London, BsidesLondon & DC4420 – A busy few days
This week I dived back into the UK security industry outside my current little security silo to see what people were up to and see what I’d missed. I made it to Infosecurity Europe 2011 on Tuesday afternoon. Infosec is a vendor exhibition, they’ve tagged on a set of lectures but they…
User-Sourced Security Monitoring
One of the constant challenges I face delivering big systems is meeting the protective monitoring requirements. A lot of the requirement to spot technical events (low level network probing, back door installation, beaconing and command and control channels) can be covered with a bundle of vendor products integrated into a…
6 Questions about security the board care about
Another short post to break up the big essays I tend to write. These are the questions any Security Manager worth his salt needs to have prepared answers for anytime he attends the board of the company or socialises with board members: Are we safe? Can I take responsibility for…