At the IET 7th International Conference on System Safety incorporating the Cyber Security Conference in Edinburgh on the 15th-18th October, I gave a presentation on the “Cost effective assessment of the infrastructure security posture”.
My paper discussed an organisation’s security posture and its attack surface area. It showed how remote workers, cloud and Bring Your Own Device (BYOD) have changed the surface area, and the challenges introduced in ensuring the security of the organisation’s infrastructure.
I discussed the cost of a data breach using the Information Security Breaches Survey 2012 by PWC and looked at the annualised cost to small and large organisations of severe breaches. Different assurance techniques such as auditing and assessing can be implemented to protect an organisation’s information assets. It was important to explain the difference between vulnerability assessment and penetration testing. Organisations can use cost-effective assurance techniques in relation to risk appetite, potential consequences and cost of breaches. Their information security strategy should be based on their size and risk appetite.
As a pen tester and CISSP trainer, I am pleased with the feedback for my presentation. The questions gave me reassurance that many information security professionals realise the benefits of carrying out vulnerability assessments and penetration testing.