There’s little debate about whether penetration tests should be part of a comprehensive cybersecurity plan. It’s critical that defensive systems be tested by real-world pros so vulnerabilities and weaknesses can be found and corrected.
Instead, the question is how to get the most from the investment.
In all but the rarest cases, a pen test means having a third party explore the strength of an organization’s security. Many of the keys to effectiveness have been repeated as business wisdom so often they’ve become cliché: Know what you want, know the group you’re hiring, communicate clearly, write it down, and have a plan for what you’ll do with the results.
With each of these points, and the others on this list, factors specific to third-party pen tests need to be considered. This list, cherry-picked from conversations, conference panels, Internet articles, and personal experience, includes the basics about what an organization needs to think through before launching a third-party pen test. What other factors should be on this list? Let us know in the Comments section, below.
Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and …