, the fast-growing cyber security services provider and a CREST member company, is to host a free webinar called “What every IT professional needs to know about penetration tests
” on 3 April 2014 at 15:00 GMT.
The webinar, conducted by Geraint Williams, IT Governance's residential CREST-approved penetration tester, senior consultant and PCI QSA, will explain the difference between various types of tests, how to scope a penetration test and what to look out for when choosing a penetration testing provider, amongst others.
With attacks on websites becoming more common and the appearance of new (Distributed) Denial of Service (DDos or Dos) attacks like the NTP amplification DDoS attack, it is more important than ever to take prevention measures. Vulnerability assessments and pen testing are important for reducing the effect of DDoS attacks on organisations’ networks and identifying further vulnerabilities that can be exploited by those attacks.
Geraint Williams emphasises that pen testing should be conducted regularly, to detect recently discovered, previously unknown vulnerabilities. It should be undertaken after deployment of new infrastructure and applications as well as after major changes to infrastructure and applications (e.g. changes to firewall rules, updating of firmware, patches and upgrades to software).
is also an essential component in internationally recognised standards and compliance frameworks, notably the ISO27001
information security standard and the Payment Card Industry Data Security Standard (PCI DSS). The latter applies to merchants and service providers that process payment cardholder data, and requires that penetration testing activities (internal and external) follow an "industry-accepted penetration testing methodology".
The webinar “What every IT professional needs to know about penetration tests
” will run on 3 April 2014 at 15:00 GTM. Registrations are open here: www.itgovernance.co.uk/webinars.aspx#penetrationtests