Wednesday, September 16, 2009

Hire An Expert, Or Conduct Penetration Testing Yourself?

Penetration testing is the testing of computer systems and networks using the same techniques an attacker would use. For many years authors have written texts in a succinct and easy-to-follow format on how you can conduct your own penetration testing. This has opened up a debate about the importance of actually hiring a professional company to perform penetration tests, when so much information is available for a company to perform these important tests on its own. The answer to that debate depends largely on how confident you are in the ability of your staff to perform penetration testing; but that is not the only thing you should think about.

Our clients include people who are experts in their respective areas of technology. But having expertise in how a certain technology works is not the same as being an expert in how to secure that technology. To successfully secure a product, you must first know how to break it, and then how to apply effective countermeasures. This requires experience with a number of different enterprise environments, and an understanding of their complexities and the possible permutations of their implementation.

One known and accepted best practice is that people should not be the ones to test their own work. It is difficult for someone to conduct an objective evaluation of his own work. Not only that: if a person is able to find security problems in his work, then one has to wonder why he didn't correct them during implementation. For this reason the person may be reluctant to admit having found a security issue in his own work after the implementation phase. Normally, a person is so immersed in the details of the project that it is difficult for him to step back and take a broader perspective.

There are situations where the team that deployed a system does not perform the penetration test on its own system; instead, a different team within the organisation performs the test. This may prevent some of the problems that occur when a team is too close to a project, and allow mistakes to be found. However, you are then faced with the question of experience. Who is likely to find the most vulnerabilities and know how to correct them: a team of individuals who conduct a penetration test a few times a year, or a company that has years of experience and performs hundreds of penetration tests each year? Clearly these are very different skill sets.

I do recommend that companies run their own regular penetration tests. However, it is also important that an expert team be brought in to conduct testing at least once a year.


Sense of Security is a leading provider of information security and risk management solutions. We are Australia's premier penetration testing firm and trusted IT security advisor to many of the country's largest organisations.
