Security' OR 1=1--

Questions by Paul Ritchie in September 2019

  • What is cyber security?
  • Where does security fit into the SDLC?
  • Who is responsible for security?
  • When do you have enough security?
  • Can security assessments be automated?
  • What strategies can be used to secure an unsupported third-party application?
  • After a penetration test, is the system secure?
  • What does “Zero Day” mean to you?
  • How do you mitigate the threat posed by “Zero Days”?
  • Is using an off-the-shelf application more secure than developing a bespoke one?
  • When is hosting in the “cloud” more secure?
  • In what circumstances is hosting “on-premise” the only option?
  • What does “ethical disclosure” of a security vulnerability mean?
  • Is it ever ethical to publish details of a vulnerability before the vendor has responded?



Creative Commons Licence
This work is licensed under a Creative Commons Attribution 4.0 International License.
