SECFORCE          
SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing
   
HOME SECFORCE - penetration testing COMPANY SECFORCE - penetration testing SERVICES SECFORCE - penetration testing RESEARCH SECFORCE - penetration testing BLOG SECFORCE - penetration testing INITIATIVES SECFORCE - penetration testing CONTACT
 
SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing
    SECFORCE - penetration testing

Blog ■

 
SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing SECFORCE - penetration testing
    Home : Blog  
SECFORCE - penetration testing SECFORCE - penetration testing
   
Archive for the ‘Security Compliance’ Category
 

Benefits of penetration testing

Wednesday, February 23rd, 2011

One of the questions that we get from time to time is “Why should I conduct a penetration test?” Undoubtedly every business works in a different way and the value of conducting a penetration test varies in each case. Some businesses might manage IT security in a different way than others and therefore a penetration test might be relevant in different ways. However, it is possible to find some common ground which will almost certainly apply to every organization.

The following list shows the main benefits of penetration testing:

  • Manage Risk Properly

For many organizations the foremost benefit of commissioning a penetration test is that it will give you a baseline to work upon in order to mitigate the risk in an structured and optimal way.

A penetration test will show you the vulnerabilities in the target system and the risks associated to it. An educated valuation of the risk will be performed so that the vulnerabilities can be reported as High/Medium/Low risk issues.

The categorization of the risk will allow you to tackle the highest risks first, maximising your resources and minimizing the risk efficiently.

  • Increase Business Continuity

Business continuity is usually the number one security concern for many organizations. A breach in the business continuity can happen due to a number of reasons. Lack of security is one of them.

Insecure systems are more likely to suffer a breach in their availability than secured and hardened ones. Vulnerabilities can very often be exploited to produce a denial of service condition which usually crashes the vulnerable service and breaches the server availability.

Penetration testing against mission critical systems needs to be coordinated, carefully planed and mindful in the execution.

  • Minimize Client-side Attacks

Penetration testing is an effective way of ensuring that successful highly targeted client-side attacks against key members of your staff are minimized.

Security should be treated with a holistic approach. Companies only assessing the security of their servers run the risk of being targeted with client-side attacks exploiting vulnerabilities in software like web browsers, pdf readers, etc. It is important to ensure that the patch management processes are working properly updating the Operating System and third party applications.

  • Protect Clients, Partners And Third Parties

A security breach could affect not only the target organization, but also their clients, partners and third parties working with it. Taking the necessary actions towards security will enhance professional relationships building up trust and confidence.

  • Comply With Regulation or Security Certification

The compliance section in the ISO27001 standard requires managers and system owners to perform regular security reviews and penetration tests, unertaken by competent testers.

PCI DSS also addresses penetration testing to relevant systems performed by qualified penetration testers.

  • Evaluate Security Investment

A snapshot of the current security posture and an opportunity to identify potential breach points.

The penetration test will provide you with an independent view of the effectiveness of your existing security processes in place, ensuring that patching and configuration management practices have been followed correctly.

This is an ideal opportunity to review the efficiency of the current security investment. What is working, what is not working and what needs to be improved.

  • Protect Public Relationships And Brand Issues

A good PR and brand position built up during years and with considerable investment can be suddenly change due to a security breach. Public perception of an organization is very sensitive to security issues and can have devastating consequences which may take years to repair.

As this post explains, there are very valid reasons to perform a penetration test in your infrastructure. Contact us if you need some more details on how we can help you.

 
   
 
BLOG

Archives

November 2014
July 2014
April 2014
March 2014
February 2014
August 2013
June 2013
February 2013
January 2013
December 2012
November 2012
October 2012
January 2012
October 2011
September 2011
July 2011
June 2011
April 2011
February 2011
January 2011
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008

Categories

Aircraft security (1)
Business Continuity (2)
CREST (1)
cyber security (2)
Embedded devices security (2)
exploit (9)
Fuzzing (1)
Penetration Testing (42)
Phishing (3)
Risk Management (5)
SECFORCE (18)
Security architecture (2)
Security Books (1)
Security Compliance (1)
Security research (10)
social engineering (1)
social media (1)
sql injection (3)
SQL Server (3)
Tools (14)
Uncategorized (3)
Vulnerabilities (10)
 
SECFORCE - penetration testing
  SECFORCE - penetration testing Aegon House, 13 Lanark Square
Canary Wharf - E14 9QD, London
SECFORCE - penetration testing Direct Line +44 (0) 845 056 8694
E-mail SECFORCE - penetration testing
  Follow us in Twitter Check us out in LinkedIn SECFORCE is CREST certified. Click on the logo for more information ISO9001 ISO27001
SECFORCE - penetration testing
    Copyright (c) 2014 SECFORCE Ltd · All Rights Reserved