Categories
Strategy

Information Security Strategy, Part 1

The Problems of Security Testing and Unmanageable Reports

I’d like to talk a little bit about security testing, the problem of information overload and issue prioritisation. To do this I intend to broadly discuss some of the problems with the various security testing options that organisations have.

I’ve written about some related things before, if you’d like a warm up:

However, I’d like to look at security a little more strategically today and discuss the wider problems with security testing, centring on the idea that there are three main problems with the way companies approach security testing:

Security is Hard: Where Do I Start?

This post is not supposed to be a complete list of steps a company should take when securing a network, system, or company – but more of a handy reference for when companies ask me: “Where do we even start?” Which happens about once a week…