11.6. Performing Penetration Testing

Regular penetration testing is a critical element in the overall security strategy. Testing gives you a good idea of how strong your security position is and how much work you have left to do. What you test (and how often) is unique to your organization and your individual preferences, but broadly speaking penetration tests fall into two distinct categories: physical and electronic (with electronic being by far the more popular).

11.6.1. Physical Testing

The purpose of physical testing is to determine:

  • the effectiveness of border security controls;

  • the effectiveness of internal site security controls;

  • the susceptibility of staff to manipulation;

  • the susceptibility of an organization to information leakage;

  • the effectiveness of a security policy that has been implemented;

  • the overall threat an organization faces from physical attack.

When executed correctly, a physical penetration test can tell you a lot about your vulnerability. Usually it will tell you that you are vulnerable in a number of areas, so there is little point in engaging a test for purely speculative reasons; engage one with specific goals in mind. Good examples are:

  • to identify weak points in specific areas;

  • to test the implementation of recently deployed systems or procedures;

  • as part of a regular audit to test the adherence to a security policy;

  • to independently verify the existence of risks you know or suspect to be present (this is usually necessary in order to justify budget increases); ...
