Testing our defences or defending our tests: the obstacles to performing security assessment

SM Furnell, M Papadaki

Research output: Contribution to journal, Article, peer-review

Abstract

In the face of mounting online threats it is recognised that staff and systems may be at risk of exploitation by would-be attackers. In this context, organisations that are unprepared and have inadequate protection can easily fall foul of attacks, and there is consequently a strong argument that security must be tested in order to ensure that it actually works as expected. A further argument is that such testing will be most effective if it involves realistic attack scenarios. However, the fact that such attacks are typically deemed to be illegal activities raises the question of how readiness against certain types of threats can reasonably be tested. Indeed, some things simply cannot be tested without introducing potential hazards in the process. Nonetheless, from a security perspective it is clear that taking a proactive stance and becoming aware of the problems is better than discovering them as a result of a genuine incident.
Original language: English
Pages (from-to): 8-12
Number of pages: 0
Journal: Computer Fraud & Security
Volume: 2008
Issue number: 5
Publication status: In preparation - 1 May 2008
