I am an information security consultant. We outwit hackers for our customers. Before we get to do so, we submit proposals to explain how we can help them.
.
One way of helping our customers is to break their information systems non-destructively. However, it is hard to say how we do so. Commonly quoted 'methodologies' are too general to be informative and useful.
.
Yet, common business practice dictates that we submit a 'methodology' for the customer's perusal before we attempt to break their systems up. This goes against the grain that building something is systematic, but breaking something is hardly so. It depends on what turns up and what patterns we recognise at the very moment. It is mostly unsystematic! So, in effect, a structured methodology is just to get us pass the 'front door'.
.
But this is understandable why the customers do not think the same way as we do, as the same system of thoughts that have created the security loopholes and vulnerabilities tend to be a different type of mind that identifies vulnerabilities.
.
No comments:
Post a Comment