
PENETRATION TESTING PLANNING 1

Penetration Testing Planning

Capella University

IAS5220 – Network Security Controls and Testing.

March 8, 2019

Abstract

Penetration testing (pen-testing) is the process of finding weaknesses, flaws, and vulnerabilities in an existing network system or in the information security governance of an organization's security controls. It is carried out by a trusted individual, using hacking or attack procedures, to guard against a hostile attacker or cyber hacker. IT administrators then apply and implement security controls and network management policies to mitigate any flaws and weaknesses in the organization's network system.

This paper will examine the “high-level workflow ways to defend and enforce the penetration testing methodology and processes. Discussing further over the paper is the strategies and plan for enforcement of tools and human resources for the needs specific penetration testing which is available when. This paper will examine the plan to select the outsider penetration partner of the international organization” (Capella, 2019, 21-23).

Keywords: outsider penetration partner, workflow, penetration testing.



Table of Contents

• Cover Page
• Abstract
• Table of Contents
• Introduction / Body
• Conclusion
• References

U09V1 Toolwire Lab 5

Unit 09 Toolwire Lab beginning

Beginning

Mid Way Lab



Ending Lab Test

Introduction

Having a penetration testing policy means applying an assurance procedure that will supervise the pen-testing, network monitoring, and performance metrics against the organization's quality assurance requirements, and ensure that the right course of action is being taken. To have quality, impactful penetration testing, the organization needs to develop the right penetration testing workflow plan, one that recognizes critical timescales and uses automated and manual procedures to mitigate cyber attacks on the organization's information security governance. That covers attacks ranging from an attacker using malicious code to the human-factor flaws and weaknesses of the organization's employees. Cressey (2017) notes that every organization needs to appoint a trusted specialist employee to run the penetration testing, which requires outlines specifying the testing requirements and the scope of penetration testing within the defined management framework.

The scope of penetration testing is based on the defined depth and how far the testing is going to reach, which means determining the type of pen-testing that is needed. It also covers how to deal with the potential risks of expected network system failures and exposure of sensitive data, and agreement on the targeted systems and on how many times the pen-testing will be run. There is going to be an active evaluation of each targeted system for any potential flaws and weaknesses. The automated vulnerability evaluation seeks to find known or unknown system weaknesses in management and configuration. We also seek to validate where security controls are lacking and need to be applied.

Challenges may arise that make it difficult to achieve quality, effective pen-testing, such as how much external penetration testing services will cost and how to remediate the organization's system weaknesses effectively. Cressey (2017) states that every organization is able to find the right pen-testing specialist as required if it puts enough effort into it. A quality workflow helps the penetration testing show how the organization withstands real-time cyber attacks and how the system weaknesses can be mitigated. It also shows how the organization can mitigate network system threats and weaknesses using various countermeasure plans as part of the associated risk assessment.

An international organization benefits from using an external penetration testing partner, since outside pen-testing partners are experts who can apply and implement structured penetration testing procedures and plans. They can define the number and frequency of penetration tests. They are capable of conducting long- and short-term operations, and they reduce the cost of developing and training internal employees for penetration testing. The international organization can also take advantage of the outside partner's tools and resources for penetration testing, such as the OWASP workflow below. The outside partner will help the organization meet its requirements for various compliance obligations and improve its business processes by making all the needed changes. Finally, education and awareness are enhanced by security attacks. Once the international organization's requirements and needs are met through further penetration testing with an outside partner, system vulnerabilities are identified and mitigated quickly and effectively. The associated identified risks are kept at the best levels within the organization's limits (OWASP, 2004, p. 17-22).

Fig. 1. Penetration testing workflow. Reference: OWASP (2004).

The best tools and HR resources for pen testing come from the organization's internal penetration testing plan, blind pen-testing plans that stage a real-time cyberattack reproducing a hacker's activities and actions, continuous passive research by the organization, outside partnerships with pen-testing suppliers, and open source supervision (Cressey, 2017, p. 31-35).

Fig. 2. Reference: Cressey (2017).



References

Capella University. (2019). Courseroom, Unit 9: Penetration testing planning. Date retrieved 03/8/2019, https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset

Cressey, Jason. (2017). A guide for running an effective Penetration Testing programme. CREST. Date retrieved 03/8/2019, https://www.crest-approved.org/wp-content/uploads/CREST-Penetration-Testing-Guide.pdf

OWASP. (2004). OWASP Web Application Penetration Checklist Version 1.1. Date retrieved 03/8/2019, https://mboulou.files.wordpress.com/2009/08/owaspwebapppentestlist1-1.pdf