Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
May 14, 2019
There's little debate about whether penetration tests should be part of a comprehensive cybersecurity plan. It's critical that defensive systems be tested by real-world pros so vulnerabilities and weaknesses can be found and corrected.
Instead, the question is how to get the most from the investment.
In all but the rarest cases, a pen test means having a third party explore the strength of an organization's security. Many of the keys to effectiveness have been repeated as business wisdom so often they've become cliché: Know what you want, know the group you're hiring, communicate clearly, write it down, and have a plan for what you'll do with the results.
[Hear John Sawyer, director of red team services at IOActive, present Getting the Most Out of Penetration Testing and Red Teaming at Interop 2019 next week]
With each of these points, and the others on this list, factors specific to third-party pen tests need to be considered. This list, cherry-picked from conversations, conference panels, Internet articles, and personal experience, include the basics about what an organization needs to think through before launching a third-party pen test. What other factors should be on this list? Let us know in the Comments section, below.
(Image: putilov_denis VIA Adobe Stock)
About the Author(s)
You May Also Like
Defending Against Today's Threat Landscape with MDR
April 18, 2024The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024