When performing penetration tests, some organisations adopt an ad hoc or piecemeal approach, often depending on the needs of a particular region, business unit or the IT department. Whilst this can meet some specific requirements, it is unlikely to provide real assurance about the security condition of your systems enterprise-wide. Consequently, it is often more effective to adopt a more systematic, structured approach to penetration testing, ensuring that:
To help you make the most of your penetration testing, a procurement approach has been developed and is presented on the following page. The five stages in this approach involve determining business requirements; agreeing the testing scope; establishing a management framework (including contracts, risk, change and problem management); planning and conducting the test itself; and implementing an effective improvement programme.