How often should you conduct penetration testing?

nchristine

What is a good rule of thumb to follow for penetration testing for IT security? How often is sufficient vs. being a waste of resources?

Topic: Security

Answers

2 total
jimlynch
Vote Up (3)

Here's a page with some good penetration testing information:

http://www.penetration-testing.com/home.html

"Most people that find their way to this page do so because either they have been told they need to get their information systems tested to prove they are secure, or their systems have already been hacked and they want to understand what happened.

In both cases you'll be pleased to hear that the information in this guide should help you to quickly understand the choices you have available to improve the situation.

What is penetration testing?
The term "penetration testing" is an industry buzzword, which used to mean something quite specific, but is now commonly used by customers to refer to just about any type of security testing. We won't be bucking the trend either; we know a dead horse when we see one.

The general process tends to be that your systems get tested, and then at the end you receive a report that highlights all the insecure areas that need attention, along with advice on how to fix them."

ehtan
Vote Up (3)

Depends. Some certifications lay out specific requirements for pentesting. In general, I would mirror many certifications and say annually. If you make major changes to your network, I would think it would be wise to conduct penetration tests. One thing to keep in mind: if you use AWS or another cloud service, you probably need to get approval first and make sure that you don't violate your TOS by conducting penetration testing out of the blue.
