Access "The penetration tester is alive and well"
This article is part of the January/February 2011 issue of Cloud initiatives are changing roles for information security managers
The malingering debate over the viability and lifespan of penetration testing as an art form and penetration testers as a species is getting tiresome. Tiresome because those doing the arguing generally confuse terms, juxtapose vulnerability management with pen-testing, and generally don't understand what white-hats do during an enterprise poke-and-probe. Let's get it straight once and for all: Pen-testing is not dead. Some vendors and expert types would like you to believe that and will try some Jedi mind-tricks to convince you -- for only a second, hopefully -- that you can, for example, automate penetration testing. You can't. Automated scans are great and are the center spoke of vulnerability management programs. They help with asset discovery and generally are good at telling you what machines are lacking which patches and if you've got a cockeyed configuration or two. But that's not a pen-test, and too many companies are confounding that as a pen-test. Pen-tests are conducted by people who are contracted to infiltrate your organization and hammer away ... Access >>>
Premium Content for Free.
Information security roles growing in influence
Information security managers are getting more of a say in enterprise cloud initiatives and mobile device projects.
The state of critical infrastructure security
Stuxnet put the spotlight on critical infrastructure protection but will efforts to improve SCADA security come too late?
- Information security roles growing in influence
Enforcing endpoint security
by Lisa Phifer, Contributor
Enforcing endpoint security requires careful planning and deployment.
- Enforcing endpoint security by Lisa Phifer, Contributor
Schneier-Ranum Face-Off on whitelisting and blacklisting
Security experts Bruce Schneier and Marcus Ranum debate whether network security should be based on whitelisting or blacklisting.
The penetration tester is alive and well
Automation hasn't killed the penetration tester – yet.
Old information security challenges persist
by Dave Shackleford
A look back at articles from the past shows that the same information security problems persist today.
- Schneier-Ranum Face-Off on whitelisting and blacklisting
More Premium Content Accessible For Free
Secure file transfer: Send large files fast, but keep your system safe
FTP gets big files to colleagues and clients fast, but as the headlines remind us, the threat of electronic break-ins is real. This guide to secure ...
Is your mobile security strategy combating the wrong enemy?
As tablets and smartphones become more integrated into business environments, CISOs are scrambling to put effective countermeasures in place. But too...
What's the best focus for MDM strategy now?
This Technical Guide examines the necessary elements of, and how to implement, a sound mobile device management strategy. Devices will be lost...