1. WHAT IS PENETRATION TESTING?
Nick Furneaux
How does this affect my organisation?
Why carry out a penetration test?
Penetration tests won’t always stop you being hacked
Staying current with emerging risks
Why all managers should be interested in security…
Impact on the organisation of not penetration testing
2. SUCCESSFUL PENETRATION TESTING: AN OVERVIEW
Sharif Gardner
Understanding what penetration testing will achieve
Delivering maximum value from penetration testing
Penetration testing as part of a holistic information security programme
Risk assessments and relevance to live-system lifecycles
3. REGULATORY MANAGEMENT FOR PENETRATION TESTING
Rob Ellis
Governance and regulatory compliance overview
Regulatory and legal preparatory considerations
Sectors and compliance standards
4. EMBEDDING PENETRATION TESTING WITHIN ORGANISATIONAL SECURITY POLICIES AND PROCEDURES
Ceri Charlton
Adding penetration testing to an existing enterprise information security strategy
Alignment of policies and procedures with the changing nature of threats
Awareness raising and notification
Other factors for consideration
5. OUTCOME- AND INTELLIGENCE-LED PENETRATION TESTING
Jason Charalambous and Moinuddin Zaki
How penetration test programmes should be informed by defined outcomes
Threat intelligence-led penetration testing
Jims Marchang and Roderick Douglas
Defining the scope of penetration tests
7. PENETRATION TEST COVERAGE AND SIMULATING THE THREAT
Felix Ryan
Penetration test coverage and structure
8. BUILDING ORGANISATIONAL CAPABILITY FOR PENETRATION TESTING
Ceri Charlton
In-house penetration testing compared with third-party penetration testing
9. COMMISSIONING PENETRATION TESTS
Peter Taylor
An overview of the penetration testing service provider market
Working relationships with testers
Review and ‘rotation’ of test providers
Commercial and technical relationships
Understanding and using test results
10. SELECTING TOOLS FOR PENETRATION TESTING
Jims Marchang and Roderick Douglas
Assessing the most appropriate penetration testing tools and techniques for the programme
11. GOOD PRACTICE FOR PENETRATION TESTING
Felix Ryan
What is meant by ‘best practice’ and ‘good practice’?
Building on the tester’s experience
Penetration testing methodologies
Documentation before, during and after a penetration test
Penetration tester travel and being away from home
Test teams versus individual testers
The client being involved in the test
12. ROLE AND COVERAGE OF REPORTING
Gemma Moore
Distributing report content to the relevant audience
13. INTERPRETATION AND APPLICATION OF REPORT OUTCOMES
Gemma Moore
Interpreting reports and circulating key findings
Integrating reporting into bug trackers, ticket managers and management tools
Understanding the full implications of vulnerabilities
14. ACTING ON PENETRATION TESTING RESULTS
Jason Charalambous, Moinuddin Zaki and Tylor Robinson
Establishing a structured remediation plan