Effective Pen Tests Follow These 7 Steps
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
May 14, 2019
There's little debate about whether penetration tests should be part of a comprehensive cybersecurity plan. It's critical that defensive systems be tested by real-world pros so vulnerabilities and weaknesses can be found and corrected.
Instead, the question is how to get the most from the investment.
In all but the rarest cases, a pen test means having a third party explore the strength of an organization's security. Many of the keys to effectiveness have been repeated as business wisdom so often they've become cliché: Know what you want, know the group you're hiring, communicate clearly, write it down, and have a plan for what you'll do with the results.
With each of these points, and the others on this list, factors specific to third-party pen tests need to be considered. This list, cherry-picked from conversations, conference panels, Internet articles, and personal experience, includes the basics of what an organization needs to think through before launching a third-party pen test. What other factors should be on this list? Let us know in the Comments section, below.