Capella University
March 8, 2019
PENETRATION TESTING PLANNING 2
Abstract
against a hostile attacker or cyber hacker. IT administrators apply and implement security
controls and network management policies to mitigate flaws and weaknesses in the organization's
network systems.
This paper will examine the “high-level workflow” for defending and enforcing the
penetration testing methodology and processes. It further discusses the strategies
and plan for applying the tools and human resources that specific penetration testing needs,
and when they are available. This paper will examine the plan to select the outside penetration partner
Table of Contents
Cover Page
Abstract
Table of Contents
Introduction/ Body
Conclusion
References
Beginning
Introduction
Having a penetration testing policy means applying an assurance procedure that supervises
pen-testing, network monitoring and performance metrics against the organization's quality
assurance requirements and keeps the right course of action being taken. To have quality,
impactful penetration testing, the organization needs to develop the right penetration testing
workflow plan, one that recognizes critical timescales and uses automated and manual
procedures to mitigate a cyber attack on the organization's information security governance. That
covers attacks ranging from an attacker using malicious code to the human-factor flaws and
weaknesses of the organization's employees. Cressey (2017) notes that every organization needs to
appoint a trusted specialist employee to run the penetration testing, which requires outlines specifying
the testing requirements and the scope of penetration testing in the defined management framework.
The scope of penetration testing is based on the defined depth and how far the testing is
going to reach, which is found by determining the type of pen-testing needed. It also covers how to
deal with potential risk from expected network system failures and system exposure of sensitive
data, and agreement on the targeted victim's system and how many times the pen-testing will run.
There is going to be an active evaluation of a targeted system for any potential flaws and
weaknesses. The automated vulnerability evaluation seeks to find known or unknown system
weaknesses in management and configuration. We also seek to validate any potentially lacking
security controls that need to be applied.
Testing challenges may arise that make quality, effective pen-testing difficult to achieve,
such as how much external penetration testing services will cost and remediating the
organization's system weaknesses effectively. Cressey (2017) states that every organization is able
to find the right pen-testing specialist as required if it puts much effort into it. A quality
penetration testing workflow helps the organization withstand real-time cyber attacks by showing
how its system weaknesses can be mitigated, and how the organization can mitigate network
system threats and weaknesses using various countermeasure plans when dealing with the associated
risk assessment.
An international organization uses an external penetration testing partner because
outside pen testing partners are experts who can apply and implement structured penetration testing
procedures and plans. They can also define the number of times and the frequency of penetration
testing. They are capable of conducting long- and short-term operations and of reducing the cost of
developing and training internal employees for penetration testing. The international
organization is also able to take advantage of the outside partner's tools and resources for
penetration testing, such as the workflow below by OWASP. The outside partner will help drive the
organization toward meeting its various compliance requirements and better improve its
business processes by making all the needed changes. Finally, education and awareness are
enhanced by security attacks. Since by then the international organization's requirements and needs
are met by further penetration testing with an outside partner, any system vulnerabilities have been
identified and mitigated quickly and effectively. The associated risks that are identified are kept
at the best levels within the organization's limits (OWASP, 2004, pp. 17-22).
The best tools and HR resources for the pen testing from the internal organization plan to
penetration, the blind pen testing plans to put on a real-time cyberattack by a hacker in activities
and actions, the continuous passive research by the organization, outside partnership with pen
References
Capella University. (2019). Course room, unit 9, Penetration testing planning. Date retrieved
03/8/2019,
https://courserooma.capella.edu/webapps/blackboard/content/listContent.jsp?course_id=_162482_1&content_id=_7268977_1&mode=reset
Cressey, J. (2017). A guide for running an effective Penetration Testing programme. CREST.
Penetration-Testing-Guide.pdf
OWASP. (2004). OWASP Web Application Penetration Checklist Version 1.1. Date
retrieved 03/8/2019,
https://mboulou.files.wordpress.com/2009/08/owaspwebapppentestlist1-1.pdf