
Guide to penetration testing, Part 1: Reasons to perform a penetration test

27 Apr 2005 | Puneet Mehta, CISSP


Risk assessment is a critical first step in the information security lifecycle. A penetration test offers an invaluable way to establish a baseline assessment of security as it appears from outside the organization's network boundaries. A penetration test involves gathering information about an organization's information systems and security infrastructure, and then using this information to attempt to identify and then exploit known or potential security vulnerabilities.

Why penetration testing?

Penetration testing is one of the oldest methods for assessing the security of a computer system. In the early 1970s, the Department of Defense used this method to demonstrate the security weaknesses in computer systems and to initiate the development of programs to create more secure systems. Penetration testing is increasingly used by organizations to assure the security of information systems and services, so that security weaknesses can be fixed before they get exposed. The frequency and severity of network intrusion, data theft and attacks caused by malicious code, hackers and disgruntled employees continue to increase, and the risks and costs associated with network security breaches and data theft are astronomical. With every ebusiness initiative, the demand for secure, remote access to company networks is also increasing. The truth is that even well-managed implementations involving the latest hardware and software may be susceptible to misconfigurations or software flaws. These may eventually give an intruder access to sensitive information. A penetration test exercise can significantly reduce the risk of this occurring.

While the principal objective of penetration testing is to determine security weaknesses in an organization's network infrastructure, it can have a number of secondary objectives, including testing the organization's security incident identification and response capability, testing employee security awareness or testing security policy compliance.

Reasons to perform a penetration test

  • A penetration test helps organizations to understand their current security posture by identifying gaps in security. This enables organizations to develop an action plan to minimize the threat of attack or misuse.

  • A well-documented penetration test result helps managers create a strong business case to justify a needed increase in the security budget or make the security message heard at the executive level.

  • Security is not a single-point solution, but a process that requires due diligence. Security measures need to be examined on a regular basis to discover new threats. A penetration test and an unbiased security analysis enable organizations to focus internal security resources where they are needed most. In addition, independent security audits are rapidly becoming a requirement for obtaining cyber-security insurance.

  • Meeting regulatory and legislative requirements is a must for conducting business today. Penetration tests help organizations meet these compliance requirements.

  • One of the core objectives of an ebusiness initiative is to enable close working with strategic partners, suppliers, customers and others upon whom the ebusiness depends. To accomplish this goal, organizations sometimes allow partners, suppliers, B2B exchanges, customers and other trusted connections into their networks. Well-executed penetration tests and security audits help organizations find the weakest links in this complex structure and ensure that all connected entities have a standard baseline for security.

  • Once security practices and infrastructure are in place, a penetration test provides critical validation feedback between business initiatives and a security framework that allows for successful implementation at minimal risk.

Continue to Part 2: Performing a penetration test
