Summary

Penetration testing is the practice of a trusted third party attempting to compromise the computer network of an organization for the purpose of assessing the level and scope of its security. In this chapter, you learned that the need for penetration testing is warranted because of the following factors:

• Proliferation of viruses and Trojans

• Wireless security

• Complexity of networks today

• Frequency of software updates

• Ease of hacking tools

• The nature of open source

• Reliance on the Internet

• Unmonitored mobile users and telecommuters

• Marketing demands

• Industry regulations

Exercise caution when choosing a penetration testing vendor, because the results of the tests could be damaging to your company if they fall into the wrong hands. Choose an experienced and ethical firm that uses a methodical and multifaceted approach to testing.

After you choose a penetration testing vendor, agree on rules of engagement, nondisclosure agreements, and procedures for exchange and destruction of sensitive reports.