Publication details


Testing our defences or defending our tests: the obstacles to performing security assessment
Furnell SM, Papadaki M
Computer Fraud & Security, Volume 2008, Issue 5, May, pp8-12, 2008

In the face of mounting online threats it is recognised that staff and systems may be at risk of exploitation by would-be attackers. In this context, organisations that are unprepared and have inadequate protection can easily fall foul of attacks, and there is consequently a strong argument that security must be tested in order to ensure that it actually works as expected. A further argument is that such testing will be most effective if it involves realistic attack scenarios. However, the fact that such attacks are typically deemed to be illegal activities raises the question of how readiness against certain types of threats can reasonably be tested. Indeed, some things simply cannot be tested without introducing potential hazards in the process. Nonetheless, from a security perspective it is clear that taking a proactive stance and becoming aware of the problems is better than discovering them as a result of a genuine incident.
