Jump to navigation Jump to search
- PenTesting can identify security vulnerabilities but cannot ensure information policy compliance.
- Important to clearly define the goals and objectives of the test.
- Also important to define the scope, and constraints.
- Best done after change in system infrastructure - which would most likely inadvertently introduce new exposures.
- Adequate backup procedures are in usually in place. Special backups should not be necessary.
- PRIMARY area of interest is the network
- Network mapping
- Customer Data is next after network compromise.
- Penetration Testing is the best way to assure that perimeter security is adequate.