Wisdom of Life

Penetration Testing

Penetration testing provides a method by which an organisation's level of security in relation to its digital assets at any given time can be determined. It is then possible to determine whether the protective measures are commensurate with the level of security required to protect the assets.

Organisations that invest substantial sums in I.T. systems are rightly concerned to ensure that the security protecting those systems meets the level of security for their needs, particularly to ensure the integrity of data and protect against potential corporate embarrassment as a result of the loss or compromise of that data. Penetration testing is one way of establishing those levels of security.

The irony is that these same organisations often overlook a further critical point: applying equivalent standards to verify security's continuing effectiveness.

Frequently, this form of penetration testing is undertaken in-house by those whose familiarity with the system is such that it skews the findings; no matter how accomplished, they tend to naturally absorb the culture of an organisation.

This approach provides an asset in developing in-house customised systems but can be a serious drawback when adopting the hostile mindset of an intruder. Although this may provide a degree of confidence, periodic independent testing should be undertaken by competent personnel to validate any in-house activity.

Automated packages are also available and are in widespread use by less specialist IT firms. The problem with this form of penetration testing is that there is an infinite variety of permutations created by differences in operating platforms and configurations. The age of the software and its updates may mean that it is out of date, so ready-made solutions alone cannot be relied upon. The software, no matter how sophisticated, cannot have the mindset of a competent intruder with access to organisational information.

Our reviews, in addition to conforming to the required standards of detail and accuracy, are concise, user-friendly and come complete with an at-a-glance management summary.

We pride ourselves on submitting recommendations that are intelligible, cost-effective and practical to implement.

Many of our clients have found additional cost benefits in applying recommendations, as this has led to increased network robustness and reduced downtime, maintenance and resources for systems.