Assumed Breach Testing

What if the breach has already occurred?

Joining Matthew Brendan O'Connor, Interhack founder C. Matthew Curtin will present Assumed Breach Testing at the Information Security Summit in Cleveland, Ohio on October 26, 2018.

Many security managers understand the need for testing of controls and the need for an incident response function within their organization. Operating on the assumption that there has been no breach and looking for contrary evidence, organizations that do discover breaches are often surprised to find the breadth and depth of the breach. Initial conservative estimates can give way to updated—and far more embarrassing figures.

What does the operating picture look like if managers assume that breach has taken place? How does that affect the regular security testing and the use of incident response functions?

The presentation will look at the issue first framed by O'Connor, an experienced manager of information security, and as considered by Curtin, who has spent the past eighteen years leading teams to address issues of technology, including data breaches, that ultimately are considered in court.

Online registration is now closed, but tickets are still available onsite. See for a copy of the agenda.

About Interhack

Since 2000, Interhack has been providing expert analysis and opinion on cybersecurity and privacy matters for clients throughout the United States and in Canada. The firm can be found online at