Penetration Testing Services Procurement Guide

CREST
Copyright Date: 2014
Published by: IT Governance Publishing
Pages: 77
https://www.jstor.org/stable/j.ctt155j44d
    Book Description:

    Helping you to conduct effective, value-for-money penetration testing, this guide is designed to enable your organisation to plan for a penetration test, select an appropriate third party provider and manage all important related activities. It presents a useful overview of the key concepts you will need to understand to conduct a well-managed penetration test, explaining what a penetration test is (and is not), outlining its strengths and limitations, and describing why an organisation would typically choose to employ an external provider of penetration testing services.

    eISBN: 978-1-84928-580-3
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-5)
  2. Acknowledgements
    (pp. 6-6)
  3. Table of Contents
    (pp. 7-7)
  4. A STRUCTURED APPROACH FOR PROCURING PENETRATION TESTING SERVICES
    (pp. 8-9)
  5. PART I: INTRODUCTION AND OVERVIEW
    (pp. 10-14)

    This Procurement Guide (the Guide) provides practical advice on the purchase and management of penetration testing services, helping you to conduct effective, value-for-money penetration testing. It is designed to enable your organisation to plan for a penetration test, select an appropriate third party provider and manage all important related activities.

    The Guide presents a useful overview of the key concepts you will need to understand to conduct a well-managed penetration test, explaining what a penetration test is (and is not), outlining its strengths and limitations, and describing why an organisation would typically choose to employ an external provider of penetration...

  6. PART II: UNDERSTANDING THE KEY CONCEPTS
    (pp. 15-22)

    Penetration testing is not a straightforward process. It is often very technical in nature - and riddled with jargon - which can make it look daunting to organisations considering the need to undertake it.

    There are many questions organisations may ask themselves when considering the need for penetration testing, which can include:

    What exactly is a penetration test, and how does it differ from other types of security techniques?

    What are the compelling reasons to perform a penetration test?

    Who should conduct the test?

    How do we go about it?

    What are the risks and constraints that we should...

  7. PART III: ADOPTING A STRUCTURED APPROACH TO PENETRATION TESTING
    (pp. 23-54)

    When performing penetration tests, some organisations adopt an ad hoc or piecemeal approach, often depending on the needs of a particular region, business unit - or the IT department. Whilst this can meet some specific requirements, this approach is unlikely to provide real assurance about the security condition of your systems enterprise-wide.

    Consequently, it is often more effective to adopt a more systematic, structured approach to penetration testing, ensuring that:

    Business requirements are met.

    Major system vulnerabilities are identified and addressed.

    Risks are kept within business parameters.

    Some organisations establish a formal penetration testing programme – adhering to proven project...

  8. PART IV: CHOOSING A SUITABLE SUPPLIER
    (pp. 55-76)

    If your organisation decides to appoint an external provider of penetration services, it is important that you choose a supplier who can most effectively meet your requirements, but at the right price.

    This part of the Guide will help your organisation to:

    1. Review your penetration testing requirements;

    2. Define a set of supplier selection criteria;

    3. Identify possible suppliers to be considered;

    4. Select an appropriate supplier who can meet (or exceed) your requirements.

    The first step is to make sure that whoever chooses the supplier fully understands your organisation’s requirements, and is aware of any necessary management, planning and preparation activities. Much...

  9. CREST BALANCED SCORECARD
    (pp. 77-77)