Who’s Minding the Mint? – The Tester’s Role in Information Security


It seems that each day brings news of another cyber attack on businesses, government agencies and individuals. The average cost of a corporate security breach in 2014 was 3.5 million dollars in the U.S., according to the Ponemon Institute. This doesn’t include costs due to the loss of business reputation and loss of future business profits.

With such high security risk, a logical question to ask is “What is the role of software testing with regard to information security?” In many organizations, security testing is a specialty function, if performed at all.

In this presentation, Randy Rice outlines a holistic approach to information security that addresses not only technical security protections, but also human factors and functional security controls. His assertion is that mitigating information security risks is much more than the security team’s responsibility.

Learning Objectives:

  1. Learn what software testers can contribute in terms of information security testing
  2. Learn how to increase the value of testing by adding security testing to the team’s portfolio of tests
  3. Identify a business case for your own organization to become a more integral part of information security