Stop Wasting Money on Penetration Testing
Penetration Testing (aka Ethical Hacking) is a substantive test of the net security posture resulting from the security controls applied. It is typically applied to one (or more) domains to assess the net security posture (trustworthiness). For example:
- Network Penetration Testing (Internet/Extranet/Intranet)
- Application Penetration Testing
- Database Penetration Testing
- People (e.g. Social Engineering)
- Physical Security Testing
- Wireless (WLAN) Penetration Testing (“War Driving”)
- Voice Penetration Testing (War Dialing/VoIP Hacking)
Penetration Testing is most frequently performed to:
- Substantiate the net effectiveness of a mature control environment
- Prove to a third party that an environment is secure/trustworthy
- Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
- To validate that significant changes did not have unanticipated results
ISO 27001 Roadmap
ISO 27001 is manageable and not out of reach for anyone! It’s a process made up of things you already know – and things you may already be doing.
Database Security Roadmap
Database Security is one step in a comprehensive approach to building a robust Information Security Management System.
Penetration Testing
Penetration Tests are often used in a manner that is inconsistent with achieving the assurance that the organization seeks.
SIEM Whitepaper
Best Practices for SIEM learned from working closely with numerous vendors and customers on a wide variety of SIEM projects.
