Ongers International Security Consultancy and ITIL training South Africa

What is the Value of a Penetration Test?

This excerpt from Forbes.com explains the value of the pen test.

Here are a few of the reasons organizations invest in penetration testing:

  • Determining the feasibility of a particular set of attack vectors
  • Identifying higher-risk vulnerabilities that result from a combination of lower-risk vulnerabilities exploited in a particular sequence
  • Identifying vulnerabilities that may be difficult or impossible to detect with automated network or application vulnerability scanning software
  • Assessing the magnitude of potential business and operational impacts of successful attacks
  • Testing the ability of network defenders to successfully detect and respond to the attacks
  • Providing evidence to support increased investments in security personnel and technology to C-level management, investors, and customers
  • Meeting compliance¬† (for example: the Payment Card Industry Data Security Standard (PCI DSS) requires both annual and ongoing penetration testing (after any system changes)
  • Post security incident, an organization needs to determine the vectors that were used to gain access to a compromised system (or entire network). Combined with forensic analysis, a penetration test is often used to re-create the attack chain, or else to validate that new security controls put in place will thwart a similar attack in the future.

OIC offers a range of security related services, including pen testing. Read more here.

Full original article here.