book

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

September 2019

Intermediate to advanced

150 pages

6h 1m

English

BCS, The Chartered Institute for IT

Read now

Unlock full access

How does this affect my organisation?Why carry out a penetration test?Penetration tests won’t always stop you being hackedStaying current with emerging risksWhy all managers should be interested in security…Impact on the organisation of not penetration testingSummaryReferences
Understanding what penetration testing will achieveDelivering maximum value from penetration testingPenetration testing as part of a holistic information security programmeRisk assessments and relevance to live-system lifecyclesSummaryReferences
Governance and regulatory compliance overviewRegulatory and legal preparatory considerationsSectors and compliance standardsSummaryReferences
Adding penetration testing to an existing enterprise information security strategyPreparation and planningAlignment of policies and procedures with the changing nature of threatsAwareness raising and notificationOther factors for considerationSummary
How penetration test programmes should be informed by defined outcomesThreat intelligence-led penetration testingNext steps?SummaryReference
Defining the scope of penetration testsMapping of assetsSummaryReferences
Penetration test coverage and structureSimulating the threatSummaryReferences
In-house penetration testing compared with third-party penetration testingHybrid approachesSummaryReferences
An overview of the penetration testing service provider marketTest provider capabilitiesWorking relationships with testersReview and ‘rotation’ of test providersTest consentsCommercial and technical relationshipsUnderstanding and using test resultsSummaryReferences
ContextAssessing the most appropriate penetration testing tools and techniques for the programmeSummaryReferences
What is meant by ‘best practice’ and ‘good practice’?Building on the tester’s experiencePenetration testing methodologiesDocumentation before, during and after a penetration testPenetration tester travel and being away from homeTest teams versus individual testersThe client being involved in the testHealth and safetySummaryReference
Purpose of reportingDistributing report content to the relevant audienceCoverage of reportingSummary
On debriefsInterpreting reports and circulating key findingsIntegrating reporting into bug trackers, ticket managers and management toolsUnderstanding the full implications of vulnerabilitiesSummary
Interpreting resultsEstablishing a structured remediation planPenetration test timingsSummary

Content preview from Penetration Testing

3 REGULATORY MANAGEMENT FOR PENETRATION TESTING

Rob Ellis

We begin this chapter with an overview of regulation and compliance frameworks and how penetration testing fits in to them. The next section establishes the regulatory management approaches and considerations as well as the legal aspects that apply to conducting penetration testing. The final part of the chapter describes the main types of organisational regulation and compliance that apply to penetration testing.

GOVERNANCE AND REGULATORY COMPLIANCE OVERVIEW

Increasingly, high-profile security breaches have been in our headlines. For example, the 2013 breach of cardholder data at the US company Target led to costs to the company of US$252 million (McGinty, 2015). Arguably high-profile ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Publisher Resources

ISBN: 9781780174082Publisher Website

Penetration Testing

by James Hayes, Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner

3 REGULATORY MANAGEMENT FOR PENETRATION TESTING

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like