Interview with: Chris Gatford,
Managing Director, HackLabs Pty
Limited
“Many companies perform some IT
system vulnerability tests, but that is
not enough. CIOs must also conduct
penetration tests, simulate an attack on
their system and mimic the actions of
an attacker without the usual dangers,”
advises Chris Gatford, Managing
Director, HackLabs Pty Limited.
HackLabs is a sponsor company at the
marcus evans Australian CIO
Summit 2017, taking place in the Gold
Coast, Australia, 19 – 21 July.
What issues are CIOs facing today?
Many organisations in Australia have
never really focused on information
security. With budget constraints and
fewer staff, they often lack standard IT
security controls, but we have seen
significant attacks recently and
ransomware is becoming a big problem.
Australia is a trusting nation so people
tend to click on things that show up in
their inbox. CIOs must put protective
and preventative controls (such as
security awareness training) in place to
identify security issues before they
arise.
How does a penetration test differ
from a vulnerability assessment?
Why is it necessary?
A penetration test highlights security
controls that are both working and not
in place. Compared to a vulnerability
assessment, a penetration test actually
exploits weaknesses to determine what
information is actually exposed. It looks
for vulnerabilities that could disrupt the
confidentiality, availability or integrity of
the network. CIOs can see what
happens in an attack in a safe and
controlled way, and can address issues
accordingly. The reason why they need
to perform a penetration test over a
vulnerability assessment is to actually
prove beyond doubt that a vulnerability
is present.
Why do you consider a penetration
test both art and science?
It requires a skilful practitioner to put a
hacker’s hat on, adopt the mindset, and
apply it to compromising the environment.
This is not something an
automated tool can do, it requires
intellect and out-of-the-box thinking.
This is where the art of testing comes
into it.
Most CIOs probably think they are
doing enough to prevent attacks.
What vulnerabilities do they tend to
overlook?
One of the most common mistakes CIOs
make is to test only their own environment,
and not think more broadly. They
do not test third parties that hold the
same sensitive information from their
organisation or fail to ask them for
evidence that they are performing
penetration tests. This could be a
provider for accounting software or
billing services.
They also do not test their people. It is
very easy for an attacker to get
sensitive information from employees.
Attackers do not need system vulnerabilities
to gain access to data. CIOs
should not be afraid to test employees
with social engineering, not just email
but also phone calls and in-person
requests. The physical boundary should
also be tested to make sure there are
no gaps that allow an attacker into the
organisation.
Many security events actually go
unnoticed. Our tests are often done
without IT’s knowledge, and as IT
typically does not monitor systems for
unusual behaviour, it rarely sees
anything and is unaware that a
penetration is under way or concluded
until it is provided the results.
How frequently should penetration
tests be done?
At least twice a year, as technologies
and attacks change, and when the
organisation changes applications,
infrastructure or providers. CIOs must
keep up to date with this. We do this
daily and it is still a struggle to keep up
with the industry. Therefore anyone who
is tasked with managing information
security on top of their existing
workload just does not stand a chance.
Why IT Systems Need to Conduct IT
System Penetration Tests
The Information Technology
Network - marcus evans
Summits deliver peer-to-peer
information on strategic matters,
professional trends and
breakthrough innovations.
Please note that the Summit is a
closed business event and the
number of participants strictly
limited.
About the Australian CIO Summit 2017
The Australian CIO Summit is the premium forum bringing elite buyers and sellers
together. The Summit offers enterprise and government chief information officers
and IT solution providers and consultants an intimate environment for a focused
discussion of key drivers for IT innovation. Taking place at the RACV Royal Pines
Resort Gold Coast, Queensland, Australia, 19 - 21 July, the Summit includes
presentations on aligning technology, upgrading capabilities and redefining
processes, implementing the correct cloud model, rethinking IT organisational
structures and navigating legacy systems.
www.australianciosummit.com
Contact
Sarin Kouyoumdjian-Gurunlian, Press Manager, marcus evans, Summits Division
Tel: + 357 22 849 313
Email: press@marcusevanscy.com
For more information please send an email to press@marcusevanscy.com
All rights reserved. The above content may be republished or reproduced. Kindly
inform us by sending an email to press@marcusevanscy.com
About HackLabs Pty Limited
HackLabs was formed by industry veterans, who have had extensive experience in penetration testing (approximately 30 years and
over 1,000 penetration tests between them). The objective for HackLabs is to provide our customers with a world class deliverable
product that empowers the IT team with the ability to fix identified vulnerabilities.
This key objective drives many of our developments such as client portals and forums as well as the instructional videos we provide
our customers at the conclusion of our work. The video will help to explain the impact of the technical vulnerability as well as the
process to show how to fix the vulnerability.
www.hacklabs.com
About marcus evans Summits
marcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discuss
strategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity to
individually tailor their schedules of keynote presentations, case studies, roundtables and one-to-one business meetings.
For more information, please visit: www.marcusevans.com
To view the web version of this interview, please click here:
http://events.marcusevans-events.com/australiancio2017-chris-gatford

IoT Insurance Observatory:  summary 2024IoT Insurance Observatory:  summary 2024
IoT Insurance Observatory: summary 2024Matteo Carbone
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...ShrutiBose4
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncrdollysharma2066
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckHajeJanKamps
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCRashishs7044
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...ssuserf63bd7
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 

Recently uploaded (20)

IoT Insurance Observatory: summary 2024
IoT Insurance Observatory:  summary 2024IoT Insurance Observatory:  summary 2024
IoT Insurance Observatory: summary 2024
 
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
Ms Motilal Padampat Sugar Mills vs. State of Uttar Pradesh & Ors. - A Milesto...
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deckPitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
Pitch Deck Teardown: Geodesic.Life's $500k Pre-seed deck
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
8447779800, Low rate Call girls in Kotla Mubarakpur Delhi NCR
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...International Business Environments and Operations 16th Global Edition test b...
International Business Environments and Operations 16th Global Edition test b...
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Call Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North GoaCall Us ➥9319373153▻Call Girls In North Goa
Call Us ➥9319373153▻Call Girls In North Goa
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 

Why IT Systems Need Regular Penetration Tests

  • 1. Interview with: Chris Gatford, Managing Director, HackLabs Pty Limited

“Many companies perform some IT system vulnerability tests, but that is not enough. CIOs must also conduct penetration tests, simulate an attack on their system and mimic the actions of an attacker without the usual dangers,” advises Chris Gatford, Managing Director, HackLabs Pty Limited.

HackLabs is a sponsor company at the marcus evans Australian CIO Summit 2017, taking place in the Gold Coast, Australia, 19 – 21 July.

What issues are CIOs facing today?

Many organisations in Australia have never really focused on information security. With budget constraints and fewer staff, they often lack standard IT security controls, but we have seen significant attacks recently and ransomware is becoming a big problem. Australia is a trusting nation so people tend to click on things that show up in their inbox. CIOs must put protective and preventative controls (such as security awareness training) in place to identify security issues before they arise.

How does a penetration test differ from a vulnerability assessment? Why is it necessary?

A penetration test highlights security controls that are both working and not in place. Compared to a vulnerability assessment, a penetration test actually exploits weaknesses to determine what information is actually exposed. It looks for vulnerabilities that could disrupt the confidentiality, availability or integrity of the network. CIOs can see what happens in an attack in a safe and controlled way, and can address issues accordingly. The reason why they need to perform a penetration test over a vulnerability assessment is to actually prove beyond doubt that a vulnerability is present.

Why do you consider a penetration test both art and science?

It requires a skilful practitioner to put a hacker’s hat on, adopt the mindset, and apply it to compromising the environment. This is not something an automated tool can do, it requires intellect and out-of-the-box thinking. This is where the art of testing comes into it.

Most CIOs probably think they are doing enough to prevent attacks. What vulnerabilities do they tend to overlook?

One of the most common mistakes CIOs make is to only test their own environment, and not think more broadly. They do not test third parties that hold the same sensitive information from their organisation or fail to ask them for evidence that they are performing penetration tests. This could be a provider for accounting software or billing services.

They also do not test their people. It is very easy for an attacker to get sensitive information from employees. Attackers do not need system vulnerabilities to gain access to data. CIOs should not be afraid to test employees with social engineering, not just email but also phone calls and in-person requests. The physical boundary should also be tested to make sure there are no gaps that allow an attacker into the organisation.

Many security events actually go unnoticed. Our tests are often done without IT’s knowledge, and as IT typically does not monitor systems for unusual behaviour, it rarely sees anything and is unaware that a penetration is under way or concluded until it is provided the results.

How frequently should penetration tests be done?

At least twice a year, as technologies and attacks change, and when the organisation changes applications, infrastructure or providers. CIOs must keep up to date with this. We do this daily and it is still a struggle to keep up with the industry. Therefore anyone who is tasked with managing information security on top of their existing workload just does not stand a chance.

CIOs must put protective and preventative controls in place to identify security issues before they arise

Why IT Systems Need to Conduct IT System Penetration Tests

  • 2. The Information Technology Network - marcus evans Summits deliver peer-to-peer information on strategic matters, professional trends and breakthrough innovations.

Please note that the Summit is a closed business event and the number of participants strictly limited.

About the Australian CIO Summit 2017

The Australian CIO Summit is the premium forum bringing elite buyers and sellers together. The Summit offers enterprise and government chief information officers and IT solution providers and consultants an intimate environment for a focused discussion of key drivers for IT innovation. Taking place at the RACV Royal Pines Resort Gold Coast, Queensland, Australia, 19 - 21 July, the Summit includes presentations on aligning technology, upgrading capabilities and redefining processes, implementing the correct cloud model, rethinking IT organisational structures and navigating legacy systems.

www.australianciosummit.com

Contact

Sarin Kouyoumdjian-Gurunlian, Press Manager, marcus evans, Summits Division
Tel: + 357 22 849 313
Email: press@marcusevanscy.com

For more information please send an email to press@marcusevanscy.com

All rights reserved. The above content may be republished or reproduced. Kindly inform us by sending an email to press@marcusevanscy.com

About HackLabs Pty Limited

HackLabs was formed by industry veterans, who have had extensive experience in penetration testing (approximately 30 years and over 1,000 penetration tests between them). The objective for HackLabs is to provide our customers with a world class deliverable product that empowers the IT team with the ability to fix identified vulnerabilities. This key objective drives many of our developments such as client portals and forums as well as the instructional videos we provide our customers at the conclusion of our work. The video will help to explain the impact of the technical vulnerability as well as the process to show how to fix the vulnerability.

www.hacklabs.com

About marcus evans Summits

marcus evans Summits are high level business forums for the world’s leading decision-makers to meet, learn and discuss strategies and solutions. Held at exclusive locations around the world, these events provide attendees with a unique opportunity to individually tailor their schedules of keynote presentations, case studies, roundtables and one-to-one business meetings. For more information, please visit: www.marcusevans.com

To view the web version of this interview, please click here: http://events.marcusevans-events.com/australiancio2017-chris-gatford