24 Feb
2017
24 Feb
'17
3:17 p.m.
How about actively testing your systems with penetration testing?
When being offensive is a good thing!
Bruce Schneier on penetration testing:
https://www.schneier.com/blog/archives/2007/05/is_penetration.html
I'm inclined to agree with most of his points.
Not every theoretical threat ever becomes an actual threat, and not every actual threat is an actual threat for a particular organization. The idea of security management is to apply cost/benefit analysis to find the best means to address actual vulnerabilities in a specific setting.
Thanks.
Ken www.stic-cil.org