How often should you conduct penetration testing?

nchristine
nchristine 13 weeks ago

What is a good rule of thumb to follow for penetration testing for IT security? How often is sufficient vs. being a waste of resources?

Tags: Penetration testing, pentesting
Topic: Security
Answer this Question

Answers

2 total
jimlynch
jimlynch 13 weeks ago
Vote Up (4)

Here's a page with some good penetration testing information:

http://www.penetration-testing.com/home.html

"Most people that find their way to this page do so because either they have been told they need to get their information systems tested to prove they are secure, or their systems have already been hacked and they want to understand what happened.

In both cases you'll be pleased to hear that the information in this guide should help you to quickly understand the choices you have available to improve the situation.

What is penetration testing?
The term "penetration testing" is an industry buzzword, which used to mean something quite specific, but is now commonly used by customers to refer to just about any type of security testing. We won't be bucking the trend either; we know a dead horse when we see one.

The general process tends to be that your systems get tested, and then at the end you receive a report that highlighs all the insecure areas that need attention, along with advice on how to fix them."

ehtan
ehtan 14 weeks ago
Vote Up (4)

Depends. Some certifications lay out specific requirements for pentesting. In general, I would mirror many certifications and say annually. If you make major changes to your network, I would think it would be wise to conduct penetration tests. One thing to keep in mind if you use AWS or other cloud service, you probably need to get approval first and make sure that you don't violate your TOS by conducting penetration testing out of the blue.  

Answer this Question

Related Questions

Lemarchand
Lemarchand
1 year ago
Are you ready to deploy a Next Generation Firewall?

Is Palo Alto the only true NGFW? SonicWall? Juniper SRX? Do you think that Gartner's definition of a NGFW is correct? Does anyone know...

Tags:
2 Answers
Answer It
tover
tover
1 year ago
I'm considering a slight career change to IT security - what do I need to consider?

I've been in IT for awhile, and am considering a shift to focus more on security and related technologies, policies, etc. What kinds of...

Tags: infosec
2 Answers
Answer It
dblacharski
dblacharski
1 year ago
TRUSTED VOICE
Smartphone security apps

Are there reputable security applications out there for BlackBerry, Android, and iPhone that will protect my business emails, chats, and...

Tags: email security, smartphone security
2 Answers
Answer It
dblacharski
dblacharski
5 weeks ago
TRUSTED VOICE
How to recover data from crashed hard drive

Yes, it's true that everyone should know better, and should be backing up data to an off-site facility on a regular basis. But, in...

Tags:
4 Answers
Answer It
dblacharski
dblacharski
1 year ago
TRUSTED VOICE
Cloud computing security from user perspective

Cloud computing security is approached from two directions; the cloud provider, and the end user. Regarding the provider, our strategy...

Tags:
2 Answers
Answer It

Ask a question

Join Now or Sign In to ask a question.
Schnucks wants federal court to handle data breach lawsuit
St. Louis-based grocery chain Schnuck Markets has claimed that a potential class action lawsuit filed against it in an Illinois state court over a recent data breach really belongs in federal court because of the case's scope and damages involved
Proposed law would make reprogramming cellphone IDs a crime
Reprogramming the identification number of a cellphone could be punishable with a prison sentence of up to five years under the terms of a proposed law announced Friday.
Researchers warn of increased Zeus malware activity this year
The amount of cybercriminal activity associated with the Zeus family of financial Trojan programs has increased during the past few months, according to security researchers from antivirus vendor Trend Micro.
Researchers find unusual malware targeting Tibetan users in cyberespionage operation
Security researchers from antivirus vendor ESET discovered a piece of cyberespionage malware targeting Tibetan activists that uses unusual techniques to evade detection and achieve persistency on infected systems.
DHS warns employees that years-old database hole puts their privacy at risk
Vulnerability in software used for Department of Homeland Security background investigations allowed potential unauthorized access since 2009.
Google to lengthen SSL encryption keys from August
Google plans to upgrade the security of its SSL (Secure Sockets Layer) certificates, an important component of secure communications.
Microsoft brushes off claim Xbox Live accounts were compromised
Microsoft brushed off a dubious hacker's claim on Thursday that he stole 47 million account credentials for Microsoft's Xbox Live gaming service.
Could the Bitcoin network be used as an ultrasecure notary service?
Manuel Araoz, a 23-year-old developer in Argentina, has an idea for Bitcoin that doesn't focus on money.
U.S. urged to let companies 'hack-back' at IP cyber thieves
U.S. companies should be allowed to take aggressive countermeasures against hackers seeking to steal their intellectual property, contends the private Commission on the Theft of American Intellectual Property.
Researchers find more versions of digitally signed Mac OS X spyware
Security researchers have identified multiple samples of the recently discovered "KitM" spyware for Mac OS X, including one dating back to December 2012 and targeting German-speaking users.

Most Active Members

jimlynch

jimlynch

0 questions | 1603 answers

TRUSTED VOICE
Christopher Nerney

Christopher Nerney

2 questions | 181 answers

becker

becker

43 questions | 92 answers

TRUSTED VOICE
wstark

wstark

41 questions | 70 answers

lsmall

lsmall

14 questions | 87 answers

TRUSTED VOICE