Effective Pen Tests Follow These 7 Steps
Third-party pen tests are part of every comprehensive security plan. Here's how to get the most from this mandatory investment.
May 14, 2019
There's little debate about whether penetration tests should be part of a comprehensive cybersecurity plan. It's critical that defensive systems be tested by real-world pros so vulnerabilities and weaknesses can be found and corrected.
Instead, the question is how to get the most from the investment.
In all but the rarest cases, a pen test means having a third party explore the strength of an organization's security. Many of the keys to effectiveness have been repeated as business wisdom so often they've become cliché: Know what you want, know the group you're hiring, communicate clearly, write it down, and have a plan for what you'll do with the results.
[Hear John Sawyer, director of red team services at IOActive, present Getting the Most Out of Penetration Testing and Red Teaming at Interop 2019 next week]
With each of these points, and the others on this list, factors specific to third-party pen tests need to be considered. This list, cherry-picked from conversations, conference panels, Internet articles, and personal experience, include the basics about what an organization needs to think through before launching a third-party pen test. What other factors should be on this list? Let us know in the Comments section, below.
(Image: putilov_denis VIA Adobe Stock)
About the Author
You May Also Like