not need. Your goal is best achieved by a consulting firm whose focus is on the results of the test, not future product sales. The benefits and value of using qualified testers who have the skills, tools, and in-depth knowledge will be evident in the way the tests are conducted as well as in the final reporting document.
It is extremely important that you clearly define the objectives (rules of engagement) and scope for your penetration test. This includes identifying systems to be tested, the timeframe for testing, the level of testing required, and the personnel involved. It should also include escalation procedures in the event a high-risk vulnerability is found. A well-defined plan will ensure the service delivered meets your expectations.
The heart of any penetration test is the quality and value of the report. Conducting the test is very time-consuming, and documenting the discovery detail is even more laborious. A professional report will have an executive summary describing general findings and the overall security posture of your network, systems, or Web applications. The report should then contain detailed findings on all vulnerabilities and the level of risk they pose, a remediation section that specifies a corrective action or recommended solution for each threat and vulnerability discovered, and a remediation matrix to help prioritize and guide the remediation effort.
Tests can vary considerably based on the methods used, the scope of the tests, and the type of practitioner you engage to do the testing, so have the testing firm thoroughly review the processes performed, and get that in writing.
For information on conducting a penetration test for your company, please contact us at 888-448-5451 or request a representative to call you.