IT Governance Ltd
, an acknowledged penetration testing provider and a CREST member company, has released two brand new guides that will help IT professionals and system administrators build a board level business case for penetration testing, as well as ensuring that they maximise the benefit of their penetration tests.
The penetration testing guides, explaining both the reasons for conducting pen tests and how to get the most out of a pen test, are available for free download from IT Governance’s website at www.itgovernance.co.uk/why-pen-tests-are-crucial.aspx
Geraint Williams, QSA and Senior Consultant at IT Governance, warns of the growing risk of successful cyber attacks on organisations:
“With the increasing complexity of website and network software, more security holes are being introduced. Organisations are at a significant risk from attacks through automated botnets and automated scanning tools that look under the ‘attack surface’ to see if there are any vulnerabilities that can be exploited. Any successful attack will incur significant remediation costs, loss of productivity and reputational damage. ‘Not testing’ could be a very costly process.”
Williams explains that pen testing
should be conducted regularly, to detect recently discovered, previously unknown vulnerabilities. It should be undertaken after deploying new infrastructure and applications, and after major changes to infrastructure and applications (e.g. changes to firewall rules, updating of firmware, patches and upgrades to software).
Apart from ensuring better protection of an organisation’s information assets, penetration testing brings other tangible benefits including:
Due diligence in protecting information.
Providing risk-based assurance that controls are being implemented effectively.
The penetration testing guides are available for free download from IT Governance’s website at www.itgovernance.co.uk/why-pen-tests-are-crucial.aspx