Pen testers often need to stage payloads and other tools on servers outside of their own infrastructure. In this post I’ll show you how to use the Amazon AWS command line interface (CLI) to dynamically create and manage S3 buckets that you can use in your own pen tests. I’ll also show you how to […]
Posts Tagged ‘risk assessment’
How To Assess The Risk Level Of A Change To A Regulated System
This is post #4 in a short series about assessing and mitigating risk with regulated software. Over the past few weeks, I’ve discussed the rationale for taking a risk-based approach to this topic, as well as the first couple of steps to take: determining whether a system is regulated and, if so, determining its risk […]
Beyond Compliance – IT Risk Self-assessments
In the financial services practice, compliance audits and vendor security evaluations are the norm for IT and operations. Our customers must meet standards to participate in the industry, to protect their assets, to protect their customers’ personally identifying information, and to meet their regulatory requirements as a business. When IT organizations take part in completing […]