The introduction of vulnerabilities into the information system is clearly part of the life cycle of the modern information system. Organizations rush information systems into production without adequate testing, resulting in potentially highly vulnerable systems. The key to protecting your organization's information system is continued vigilance through continuous technical testing.

In this chapter, we learned:

• The categories of technical testing and how to take advantage of them
• How to integrate the various categories of information security testing into the SDLC
• Considerations related to vulnerability assessment, penetration testing, and continuous monitoring

In the next chapter, we will learn about business continuity and disaster recovery (BCDR) planning. We will discuss the many considerations around how to implement a successful BCDR plan, leading to continued business operations in the event of a disaster.