Five steps to successful and cost-effective penetration testing
Spending your time and money well
May 27, 2008 12:00 PM ET
Computerworld - Whether you hire outside consultants or do the testing yourself, here are some tips for making sure your time and money are well spent.
1. Set goals. Before you start penetration testing, make sure you know what you want the results to encompass. Adding in too many systems can be overwhelming and costly.
2. Assign staff and resources to the project. Penetration testing can be expensive, so you might as well get the most out of your consultant's time, says Joe Basirico, senior training engineer at Security Innovation Inc. He recently worked on a project where the client did not assign staff to assist him and, unbeknownst to him, had only allocated a laptop for remote access. Each night, while Basirico conducted his tests off-site, the remote server would time out. He eventually found out that the company's cleaning person would close the lid on the laptop dedicated to his testing. Basirico called this lack of attention to the project a waste of their money.
3. Offer your tester documentation. The more information you share about your systems, the less legwork the tester has to do to come up to speed, which means less time on the clock. Include details about the types of encryption you use and system configurations.
4. Prioritize the results. Once you've got the results of your tests, map them to your goals. You can't tackle everything, so make sure you do a solid risk assessment of the vulnerabilities to lead the way. Try to check off the items on the list that have immediate payback for your clients' security.
5. Understand no network is perfectly secure. It can be shocking to receive the results of a penetration test, according to Chris Nickerson, security services lead at Alternative Technology Inc. But it's better to know what you're dealing with and fix it than to have a false sense of security and pay the price later.
