Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Asking these big questions will help you predict future compromise

Nick Selby, CEO and co-founder of StreetCred Software | Jan. 8, 2014
Nick Selby has a set of questions he always asks when helping an organisation root out the cause of a compromise. Here's why they also help him predict future problems with a security programme.

But I had a wicked-strong indicator. Later we confirmed it, but the indicator itself was strong enough for me to base certain statements and actions.

This stuff is not rocket science. By asking high-level, disqualifying questions, one can easily make some broad assessments. Then it's simply a matter of drilling down into the indicated areas, and finding the problems.

Kennedy offers a few more questions, like, "Are you testing for security threats and doing things like external/internal penetration tests and social-engineering efforts to test your controls and your incident response?" and, "Have you ever done a source code analysis or dynamic testing of applications to determine what risks they pose?"

A number of us are working together to make a list of the top ten questions that can be asked in any organization. We feel that this is a great way to share knowledge and experience with the community. Like that idea? Drop me a line, using the contact form at


Previous Page  1  2  3 

Sign up for Computerworld eNewsletters.