Network Security & Pen-Testing
Emulating the Bad Guys
A Penetration Test, or Pen Test, is the process of actively testing your organization's security measures by attempting to penetrate network security using a variety of measures. It is, in essence, hacking your organization in order to evaluate and harden the security measures already in place.
What is tested?
A penetration test will involve the systematic analysis of all the security measures in place. A full project should include some or all of the following areas, with the exact requirements usually being agreed in a formal scoping document prior to commencing (this list is provided courtesy of the OSSTMM):
After the completion of a penetration test, the deliverables will include a detailed analysis of the methodology used to conduct the test, the results of the various attempts at compromise, as well as detailed documentation on remediation of any security flaws found.
*Note: Don’t forget to ask about the new Global Digital Forensics Digital Asset Threat Assessment (DATA) program. With the BYOD (Bring Your Own Device) phenomenon in full bloom, controlling all the data coming from and going to mobile phones and tablets is adding an entirely new security headache to the mix. As these devices flood the cyber landscape, many organizations find themselves gasping for air while trying to keep up from a security perspective. Adding the DATA program to a penetration test will substantially bolster an organization’s cyber security posture, not just from a network and mainframe security perspective, but across every facet of your unique digital asset landscape.