Many organizations have deployed sophisticated security mechanisms, such as firewalls or intrusion detection systems (IDS), to help protect their information assets and to quickly identify potential attacks.
While these mechanisms are important, they are not foolproof. A firewall cannot protect against what is allowed through – such as online applications and allowed services.
While an IDS can detect potential intrusions, it can detect only what it has been programmed to identify, and it will not be effective at all if the company does not monitor or respond to the alerts. In addition, firewalls and intrusion detection systems must be continuously updated or they risk losing their effectiveness at preventing or detecting attacks.
Penetration testing can help validate and confirm the effective configuration of an organization’s firewalls and its intrusion detection systems.
The scope of a penetration testing project is subject to negotiation between the sponsor of the project and the testing team, and will vary depending on the particular objectives to be achieved.
The principal objective of penetration testing is to determine whether an organization’s security vulnerabilities can be exploited and its systems compromised. Conducting such a test involves gathering information about an organization’s information systems and information security and then using this information to attempt to identify and exploit known or potential security vulnerabilities.
Evidence that the penetration testing team was able to exploit security vulnerabilities can range from “computer screen shots” or copies of sensitive information or files to the ability to create new user accounts on the system or to create and/or delete particular files on the organization’s servers.
Penetration testing can have a number of secondary objectives, including testing the organization’s security incident identification and response capability, testing employee security awareness or testing users’ compliance with security policies.
Readers, I would also like to hear from your side on this topic. Please comment here with your valuable views.