oneneck.com/it-security-services
Section Four
Control 18 – Penetration Testing
A good defense includes a good offense. Because
technology and attack patterns change constantly, it
makes sense to periodically test your own systems
and proactively address flaws. You can hire a
company to perform this service if you don't have
these capabilities.
This control will help you test your company's
defenses by emulating would-be attackers, who
include malicious insiders, cybercriminals, hacktivists
and nation states. By considering their motives,
objectives and actions, you can identify and correct
any vulnerabilities they would exploit.
This control targets IG2s, who should create a
penetration test program; conduct regular internal
and external tests to identify vulnerabilities, attack
vectors, and unprotected information and artifacts;
conduct exercises to attack elements not typically
tested in production; use vulnerability scanning
to help guide penetration testing; and control and
monitor all accounts that are used for penetration
testing. Test findings can then be remediated based
on your company's policies for remediation, scope,
and prioritization.
22% of organizations say they have
only temporary resources, or
none at all, to respond to security
incidents. (Jaikumar Vijayan)