PART III: ADOPTING A STRUCTURED APPROACH TO PENETRATION TESTING

Overview

When performing penetration tests, some organisations adopt an ad hoc or piecemeal approach, often depending on the needs of a particular region, business unit – or the IT department. Whilst this can meet some specific requirements, this approach is unlikely to provide real assurance about the security condition of your systems enterprise-wide.

Consequently, it is often more effective to adopt a more systematic, structured approach to penetration testing, ensuring that:

  • Business requirements are met.
  • Major system vulnerabilities are identified and addressed.
  • Risks are kept within business parameters.

Some organisations establish a formal penetration testing programme ...

Get Penetration Testing Services Procurement Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.