Penetration Testing: Choose Wisely for Data Security
CLEVELAND, Nov. 30, 2011 /PRNewswire/ -- When selecting a Penetration Testing Company for your information systems security needs, there are certain things you'll want to ensure your consulting firm has, does, and can handle.
To begin with, you'll want nationally renowned ethical hacking experts on the team. The team should regularly present at national and international security conferences, including Defcon, ShmooCon, OWASP, and Black Hat.
The firm should employ a team-based approach to performing penetration tests. This ensures a wide range of skills and expertise is brought to bear when performing penetration testing.
They also should have computer forensics experts on staff and get debriefed after incidents to ensure the techniques used by the firm's team match the attacks that are being seen in the wild.
During the test it helps if the pen testing consultants can explain all the tools, techniques, and attacks that are being utilized. This provides an excellent opportunity for you to increase your knowledge and gain a deeper understanding of the vulnerabilities discovered.
Look for an information security firm that does not sell products; this enables you to receive unbiased recommendations, which oftentimes can include free solutions. An ethically independent opinion is crucial, even with the so-called "labs" from product vendors or resellers that are seemingly separate.
The team should have developed proprietary toolsets to speed the process of a penetration test without sacrificing quality. In addition, they should create their own exploits and have a history of publishing those exploits to the community.
They should be able to offer vulnerability and penetration testing standards and metrics development when creating a program to review results. Without putting data into a standardized form, it is impossible to compare multiple tests or develop meaningful trending.
If you're really looking to separate the premium IT security consulting firms from the rest, ask them to map controls tested back to a framework or regulation. This not only identifies potential vulnerabilities, but also looks at maturity within your risk management program and gives executives specific controls to work on vs. the standard "there are problems" approach.
About SecureState
SecureState provides information security assessments to help our clients obtain and maintain their desired state of security. SecureState consultants work to provide the very best logical, physical, and personnel security services through our five practices: Advisory Services, Audit & Compliance, Profiling & Penetration, Risk Management, and Business Preservation Services. For more information visit: www.securestate.com.
Contact: Sabrina Powers, +1-216-927-8261, [email protected]
SOURCE SecureState