Procuring Penetration Testing Services

CREST
Copyright Date: 2014
Published by: IT Governance Publishing
Pages: 23
https://www.jstor.org/stable/j.ctt155j45x
    Book Description:

    Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat to key systems is ever increasing and the probability of a security weakness being accidentally exposed or maliciously exploited needs to be continually assessed - such as via a penetration test - to ensure that the level of risk is at an acceptable level to the business.

    A penetration test involves the use of a variety of manual and automated techniques to simulate an attack on an organisation's information security arrangements - either from malicious outsiders or your own staff. Undertaking a series of penetration tests will help test your security arrangements and identify improvements. When carried out and reported properly, a penetration test can give you knowledge of nearly all of your technical security weaknesses and provide you with the information and support required to remove or reduce those vulnerabilities. Research has shown that there are also other significant benefits to your organisation through effective penetration testing, which can include:

    A reduction in your ICT costs over the long term

    Improvements in the technical environment, reducing support calls

    Greater levels of confidence in the security of your IT environments

    Increased awareness of the need for appropriate technical controls

    eISBN: 978-1-84928-576-6
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. Table of Contents
    (pp. 5-5)
  3. INTRODUCTION
    (pp. 6-7)

    Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat to key systems is ever increasing and the probability of a security weakness being accidentally exposed or maliciously exploited needs to be continually assessed – such as via a penetration test – to ensure that the level of risk is at an acceptable level to the business.

    A penetration test involves the use of a variety of manual and automated techniques to simulate an attack on an organisation’s information security arrangements – either from malicious outsiders or your own...

  4. KEY CONCEPTS
    (pp. 8-8)
  5. A STRUCTURED APPROACH TO PENETRATION TESTING
    (pp. 9-10)

    When performing penetration tests, some organisations adopt an ad hoc or piecemeal approach, often depending on the needs of a particular region, business unit – or the IT department. Whilst this can meet some specific requirements, this approach is unlikely to provide real assurance about the security condition of your systems enterprise-wide. Consequently, it is often more effective to adopt a more systematic, structured approach to penetration testing, ensuring that:

    Business requirements are met;

    Major system vulnerabilities are identified and addressed;

    Risks are kept within business parameters.

    To help you make the most of your penetration testing, a procurement approach...

  6. CHOOSING A SUITABLE SUPPLIER
    (pp. 11-20)

    Organisations can carry out penetration testing themselves, sometimes very successfully. More often they will decide to employ the services of one or more specialist third party penetration testing providers.

    Findings from the research project indicated that the main reasons why organisations hire external suppliers are because these suppliers can:

    1. Provide more experienced, dedicated technical staff who understand how to carry out penetration tests effectively, using a structured process and plan;

    2. Perform an independent assessment of their security arrangements;

    3. Carry out a full range of testing (e.g. black, white or grey box; internal or external infrastructure or web application; source code...

  7. SUMMARY
    (pp. 21-21)
  8. CREST BALANCED SCORECARD
    (pp. 22-22)