Planning for Security Testing
Security testing is critical component of a security program and needs to be done on a regular basis. However, I’ve noticed that how companies use security testing varies wildly. Some companies have their testing integrated into their plans for the year. Their tests are scheduled in advance and they know what needs to be focused on.
Other organizations are in reactive mode with their testing. “Oh no, our deadline to meet compliance requirements is three weeks away! We need a penetration test now!” The security team is in panic mode as they try to meet the looming deadline.
You are probably not at either of these extremes, but you may still have a number of questions about having a security test performed. What do you need to have done? What should be tested? Who should I have perform the testing? The list can go on for quite a while.
Upcoming Video and Blog Series
I’ve started working on a series of videos and blog posts to help organizations better use security testing. The series is to provide you with information and resources that will help you plan for your security testing and get the most value out of it. If used well, you will be able to structure your testing to meet your business’ needs. You will have a smoother engagement and have the right team performing the test.
The topics are still being finalized, but here is what I have in mind right now.
- Planning your security testing regimen
- When to use a vulnerability assessment versus a penetration test
- Selecting a penetration testing firm
- Scoping the penetration test
- Scoping the vulnerability assessment
- During the engagement
- Reviewing the report
- Working on remediation
If this sounds interesting to you, then stay tuned. The first topic will be online in a few days, with the others following shortly after. If you have specific questions that you want answered, let me know. You can email me at email@example.com.
If you would like to be notified of updates to the series, then sign up for our mailing list using the form below.