Abstract
Security isn’t only a bit of software that can be bought, installed and forgotten with the occasional upgrade thrown in. Security isn’t only that set of password rules we are supposed to follow. Security isn’t only that locked filing cabinet, or a guard and a scan card reader at the front door. It includes all those things, and many, many more. We all need to think about security differently. Every organisation has thousands of vulnerabilities—weaknesses that could be exploited by a malicious attacker. And, as a malicious attacker, I only need to find one vulnerability to exploit. It could be a helpful staff member holding the door open for a “fellow smoker”, or a person in Finance who believed that last phone call asking them to process “that important invoice”. It might be an open comms port on the production web server, or the unpatched server in the test environment. Or it could be the report listing last week’s customer contacts that is mailed to the sales staff each Monday (including the sales staff who have left the organisation). I mention these because my colleagues and I have used all these techniques (and many more) to test organisations. We are security testers.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2020 The Author(s)
About this chapter
Cite this chapter
Yorkston, K. (2020). Security: It’s Everyone’s Business!. In: Goericke, S. (eds) The Future of Software Quality Assurance. Springer, Cham. https://doi.org/10.1007/978-3-030-29509-7_19
DOI: https://doi.org/10.1007/978-3-030-29509-7_19
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-29508-0
Online ISBN: 978-3-030-29509-7
eBook Packages: Computer Science, Computer Science (R0)