Federal regulations require many organizations to conduct independent testing of their computing and networking environment at regular intervals. Many organizations comply with this requirement by conducting penetration testing and vulnerability analyses. These tests offer a snapshot of an organization's security posture during a given point in time. Further, these tests are valuable in maintaining the overall security architecture of the organization by identifying vulnerabilities that could cause important information to be compromised.
The management of an organization seeking to conduct an evaluation of the current environment must clearly understand the scope, methodology and the process for conducting penetration tests and vulnerability analyses. During this presentation, James Kist, a veteran of the Information Security industry, will describe the merits and short-comings of many different approaches employed by security practitioners today. He will discuss some of the key regulatory requirements as well as industry best practices for conducting these types of assessments.
Register for this webinar to listen to proven strategies for:
Evaluating the testing scope and parameters for penetration testing and vulnerability analysis
Testing strategies for all elements of the distributed computing environment;
Understanding the regulatory as well as technical drivers;
Defining the test parameters;
Rules of engagement;
Reporting of findings and recommendations;
Making use of the results.
Penetration testing and Vulnerability Analysis is security testing in which a security analyst attempts to circumvent the security features of a system based on their understanding of the system design and implementation. The purpose of penetration testing or vulnerability analysis is to identify methods of gaining access to a system by using common tools and techniques developed by "hackers." This testing is highly recommended for complex or critical systems (e.g., most organization's networks).
Penetration testing can be an invaluable technique to an organization's information security program. However, it is a very labor-intensive activity and requires great expertise to minimize the risk to targeted systems. With the information presented during this webinar, the attendees will be prepared to get the most from their next penetration tests and vulnerability analyses. The attendees will be able to walk away with real-world solutions to the growing challenges of maintaining information security posture for their organizations. An organization's security posture includes consideration of personnel, processes, and technologies. Definition, periodic testing, and continuous maintenance of appropriate information security standards and practices - all vital components of the security architecture of an organization - will be discussed within the context of penetration testing and vulnerability analysis during this presentation.
Are All Penetration Test and Vulnerability Analysis Equal?
Organizations perform penetration testing and vulnerability analyses under several different conditions. The goal is to expose not only vulnerabilities that can be leveraged by outside intruders who have no link to information on the organization, but also vulnerabilities that can be potentially exploited by "insiders" who possess some knowledge and access to the mission-critical systems.
Attendees will hear strategies for gaining the most return from their investments while conducting penetration testing and vulnerability analyses. The speaker will also expand on how successive testing can build upon the knowledge gained during these tests in order to continually strengthen the organization's security posture.
Premium Members Only
OnDemand access to this webinar is restricted to Premium Members.
Senior Information Security Consultant, Icons, Inc
James Kist, CISSP, is a Senior Information Security Consultant with Icons, Inc. He has more than 15 years experience in Information Technology, with more than 10 years specializing in Information Security. He has authored courseware on several topics including network security, system security, web application security, and wireless network security. He regularly conducts penetration tests and vulnerability assessments on wired networks, wireless networks, and web applications for financial institutions. He is a Certified Information Systems Security Professional (CISSP) and is a SANS GIAC-GWAS (GIAC Web Application Security) Certified Professional. He holds a Bachelor's degree in Computer Science from University at Buffalo.