What Is Penetration Testing?
Penetration testing seeks to bridge the gap between the rote use of technical tools to test an organization’s security and the power of those tools when placed in the hands of a skilled and determined attacker. Penetration tests are authorized, legal attempts to defeat an organization’s security controls and perform unauthorized activities. The tests are time-consuming and require staff who are as skilled and determined as the real-world attackers who will attempt to compromise the organization. However, they’re also the most effective way for an organization to gain a complete picture of its security vulnerability.
Cybersecurity Goals
Cybersecurity professionals use a well-known model to describe the goals of information security. The CIA triad, shown in Figure 1.1, includes the three main characteristics of information that cybersecurity programs seek to protect.
- Confidentiality measures seek to prevent unauthorized access to information...