by Peter Taylor, Felix Ryan, Tylor Robinson, Gemma Moore, Moinuddin Zaki, Jims Marc
Penetration Testing: A guide for business and IT managers
Front Cover
Half-Title Page
BCS, THE CHARTERED INSTITUTE FOR IT
Title Page
Copyright Page
Contents
List of figures and tables
About the authors
Foreword
Abbreviations
Glossary
Preface
1. WHAT IS PENETRATION TESTING?
How does this affect my organisation?
Why carry out a penetration test?
Penetration tests won’t always stop you being hacked
Staying current with emerging risks
Why all managers should be interested in security…
Impact on the organisation of not penetration testing
Summary
References
2. SUCCESSFUL PENETRATION TESTING: AN OVERVIEW
Understanding what penetration testing will achieve
Delivering maximum value from penetration testing
Penetration testing as part of a holistic information security programme
Risk assessments and relevance to live-system lifecycles
Summary
References
3. REGULATORY MANAGEMENT FOR PENETRATION TESTING
Governance and regulatory compliance overview
Regulatory and legal preparatory considerations
Sectors and compliance standards
Summary
References
4. EMBEDDING PENETRATION TESTING WITHIN ORGANISATIONAL SECURITY POLICIES AND PROCEDURES
Adding penetration testing to an existing enterprise information security strategy
Preparation and planning
Alignment of policies and procedures with the changing nature of threats
Awareness raising and notification
Other factors for consideration
Summary
5. OUTCOME- AND INTELLIGENCE-LED PENETRATION TESTING
How penetration test programmes should be informed by defined outcomes
Threat intelligence-led penetration testing
Next steps?
Summary
Reference
6. SCOPING A PENETRATION TEST
Defining the scope of penetration tests
Mapping of assets
Summary
References
7. PENETRATION TEST COVERAGE AND SIMULATING THE THREAT
Penetration test coverage and structure
Simulating the threat
Summary
References
8. BUILDING ORGANISATIONAL CAPABILITY FOR PENETRATION TESTING
In-house penetration testing compared with third-party penetration testing
Hybrid approaches
Summary
References
9. COMMISSIONING PENETRATION TESTS
An overview of the penetration testing service provider market
Test provider capabilities
Working relationships with testers
Review and ‘rotation’ of test providers
Test consents
Commercial and technical relationships
Understanding and using test results
Summary
References
10. SELECTING TOOLS FOR PENETRATION TESTING
Context
Assessing the most appropriate penetration testing tools and techniques for the programme
Summary
References
11. GOOD PRACTICE FOR PENETRATION TESTING
What is meant by ‘best practice’ and ‘good practice’?
Building on the tester’s experience
Penetration testing methodologies
Documentation before, during and after a penetration test
Penetration tester travel and being away from home
Test teams versus individual testers
The client being involved in the test
Health and safety
Summary
Reference
12. ROLE AND COVERAGE OF REPORTING
Purpose of reporting
Distributing report content to the relevant audience
Coverage of reporting
Summary
13. INTERPRETATION AND APPLICATION OF REPORT OUTCOMES
On debriefs
Interpreting reports and circulating key findings
Integrating reporting into bug trackers, ticket managers and management tools
Understanding the full implications of vulnerabilities
Summary
14. ACTING ON PENETRATION TESTING RESULTS
Interpreting results
Establishing a structured remediation plan
Penetration test timings
Summary
Notes
Index
Back Cover