IT Examiner School - Oct 2023

Internal Use Only

Pen Test Value Ascertain the likelihood of gaining system access

Detecting vulnerabilities not easily found using standard system protective means Ability of current security methods to detect or repel an attack

Likelihood of exploiting a low ‐ risk vulnerability to gain higher level access

List of vulnerabilities that require remediation

Measure of risk for a cyber attack

Additional efforts needed to protect the network(s)/ system(s)

27

Internal Use Only

Penetration Test (Pen Test)

Pen Test “tests” systems to find & exploit known vulnerabilities that an attacker could exploit

Determine if there are

Pen Test report will describe any weaknesses as “high”, “medium” or “low”

Require management’s knowledge & consent

Require a high degree of skill to perform

weaknesses and if able to access system functionality and data

Are intrusive as actual “attack” tools are used

28