November 9, 2015 • Published by Marc Punzirudu
Today’s unprecedented breach activity and the high costs breached companies are paying as a result are causing executive teams to sit up and take notice.
Those responsible for organizational IT are finding themselves under increasing pressure to reinforce and report on a strong security posture to stakeholders.
Regular testing can go a long way toward building confidence in your security posture. Begin with a set of benchmark metrics and then hold all subsequent testing results up against them.
Internal and external vulnerability scanning: An external vulnerability scan will attempt to uncover any security holes that would allow malicious outsiders to break in and attack the network, while an internal vulnerability scan looks for potential vulnerabilities within the business environment. Both types of scans are essential tools in understanding the risk present within your IT infrastructure and should be conducted regularly.
Penetration testing: No test is better than the test of a real person trying to break into your network or web application. Cyber criminals have a bevy of knowledge and tools to support their attacks, so why not put a white hat on your side?
Internal security awareness testing: You can layer on secure systems and technologies, but the threat landscape is constantly evolving, and if your employees are unprepared, those layers could be penetrated more quickly than you think. After all, people are your biggest vulnerability. Social engineering engagements are an excellent way to test employees’ security awareness, and if these “tests” are conducted regularly, you can measure organizational progress in internal security awareness over time.
Incident response plan testing and review: An incident response plan is a must-have for every organization, because when events occur, it is critical that everyone knows how to play their positions. The only way to be confident that your incident response plan can serve your organization in a time of need is to review and test it regularly.
Your job is a lot easier when you’ve got a set of metrics on which to base your confidence. Build your confidence by engaging in the baseline security testing practices above.