We look for areas of weakness in the technical environment and then actively attempt to exploit them. The goal is to answer the question “how easily could a hacker access private data on my systems?”
All organizations are subject to, and vulnerable to, threats. Risks to critical information assets may be intentional or negligent; they may come from seasoned criminals or careless employees; they may cause minor inconveniences or extended service disruption; and they may result in severe financial penalties, loss of public trust and damage to corporate reputation.
Penetration testing is the process of evaluating the implementation of security controls for information systems, networks, applications and facilities by simulating real-world attacks. Regular penetration testing is intended to identify weaknesses in security measures and is one component of a comprehensive security program.
The objectives of this initiative are as follows:
- Identify weaknesses, vulnerabilities and exploits in the organization’s information systems, networks, and applications.
- Improve the overall security posture of the organization – Penetration Testing plays a critical role in an organization’s ability to defend against security threats.
- Reduce organizational risk – Vulnerability scanning can identify existing vulnerabilities and exploits in an organization’s information technology assets, including operating systems, applications, and devices.
- Support compliance – Penetration Testing can satisfy an organization’s regulatory, commercial and organizational compliance requirements (see the Regulatory Compliance section below).
- Test security investments – Penetration Testing measures the effectiveness of the security controls that are currently in place.