IT Examiner School, Providence, RI
Penetration Testing Strategies
• Targeted Testing - performed by the entity’s IT team and external testing team
• External Testing - targets externally visible servers or devices (seen by anybody on the Internet) to see if they can get into internal systems and how far
• Internal Testing - mimics an insider attack by an authorized user with standard access privileges (what can happen with a disgruntled employee)
Penetration Testing Value
• Ascertains the likelihood of gaining system access
• Assesses the likelihood of exploiting a low-risk vulnerability to gain higher-level access
• Detects vulnerabilities not easily found using standard system protective means
• Helps measure cyber security preparedness
• Lists identified vulnerabilities that require remediation
• Assesses the ability of current security methods to detect or prevent an attack
• Identifies additional efforts needed to protect the network(s) or systems in scope