Many CISOs swear by penetration testing – simulated attacks on an organisation’s infrastructure (typically cyber infrastructure, but physical security tests can also fall within scope..) Yuri Rassega, for example, the CISO of Italian utility Enel, says his company conducts some 400 deep vulnerability tests on the company’s critical assets every year; more than one engagement daily. Get your scoping agreements less than crystal clear, however, and things can go sideways fast:

Read full article on CBR – CyberSecurity News