Services for Business Technology - Services
A penetration test is similar to a vulnerability assessment, but differs in that it will actually attempt to gain access to your systems from both external and internal sources. Typically a pen test follows an initial vulnerability assessment, full or partial, which has exposed system weaknesses; the pen test then measures the extent of those weaknesses.
A penetration test is, in essence, a technical security risk assessment process that evaluates your information security measures. These measures are analysed for design weaknesses, technical flaws and vulnerabilities; the results are then delivered in a report with a suitable remediation plan to resolve all vulnerabilities found and so secure and protect your network and mission-critical systems.
The penetration test will help an organisation identify threats that may lead to security breaches, such as the means by which a third party might gain access to your data or your clients' data. The testing associated with the security risk assessment will also provide quality assurance through the assessment of policy, procedure, design and implementation. Security testing ensures best practice by conforming to legal and industry regulations, such as ISO17799.
Without a thorough security assessment, a malicious user may be able to can rely on their security, primarily due to the human factor. If someone is targeting your organisation specifically, then there is a strong possibility that they do indeed have detailed knowledge of your systems and procedures (a disgruntled ex-employee, for example). In this case it is wise to assume the worst, i.e. that they have complete knowledge of your systems. This is because if your security relies solely on the secrecy of your designs, then you do not have any tangible security at all.
Only ongoing security assessment will ensure that your network and systems are configured correctly to protect against both internal and external threats.