Ad Hoc or Managed Penetration Testing: Which One Is Best for You?

Penetration testing is no longer an extraordinary security engagement. Due to regulatory mandates, internal policies, business executive requests and the overall desire to avoid becoming the next breach victim, testing is now commonplace among many organizations. The kind of testing, however, can still be a question. Do you need ad hoc testing, that as-needed affair that takes place once or twice a year? Or do you need a managed testing program that is continual and coordinated by an outside testing team?


The best option for your organization depends on the number of tests you perform a year, the resources you have in-house and the skill sets putting those resources to use.


Knock, Knock … Housekeeping!


No matter the type of program you use, many housekeeping steps take place before and after each testing engagement. Before testing begins, they may include the following:


Determining the depth of testing needed
Finding and performing background checks on testers
Scheduling windows for testing
Giving appropriate access credentials to testers
Creating a virtual private network (VPN) and accounts for testers
Establishing other rules of engagement

After tests are completed, another set of steps kicks off, including:


Reading through findings
Facilitating the remediation of those findings
Scheduling and performing re-testing to make sure vulnerabilities are patched

While these items may seem simple, in reality, they take time and require some expertise to ensure everything is set up and completed correctly. Accomplishing the pre- and post-testing items can overwhelm any security team.


Imagine you are a company that is required to complete hundreds of tests each year by a certain deadline, for example, when an auditor is scheduled for a visit. Even if yo ..
