IT Examiner School, Providence, RI

Penetration Testing Strategies

• Targeted Testing - performed by the entity’s IT team and external testing team

• External Testing - targets externally visible servers or devices (seen by anybody on the Internet) to see if an outsider can get into internal systems and how far

• Internal Testing - mimics an insider attack by an authorized user with standard access privileges (what can happen with a disgruntled employee)

Penetration Testing Value

• Ascertain the likelihood of gaining system access

• Assess the likelihood of exploiting a low risk vulnerability to gain higher level access

• Detecting vulnerabilities not easily found using standard system protective means

• Helps measure cyber security preparedness

• Lists identified vulnerabilities that require remediation

• Assesses the ability of current security methods to detect or prevent an attack

• Identifies additional efforts needed to protect the network(s) or systems in scope.
