PART III: ADOPTING A STRUCTURED APPROACH TO PENETRATION TESTING
When performing penetration tests, some organisations adopt an ad hoc or piecemeal approach, often depending on the needs of a particular region, business unit – or the IT department. Whilst this can meet some specific requirements, this approach is unlikely to provide real assurance about the security condition of your systems enterprise-wide.
Consequently, it is often more effective to adopt a more systematic, structured approach to penetration testing, ensuring that:
- Business requirements are met.
- Major system vulnerabilities are identified and addressed.
- Risks are kept within business parameters.
Some organisations establish a formal penetration testing programme ...