Penetration Testing after a New Security System is Implemented

Any time a new security system is implemented, it needs to be tested thoroughly. Penetration testing is one of the tests performed to ensure that the new or proposed system meets the goals set forth by the organization. Penetration testing involves security professionals simulating “attacks by a malicious external source” (Whitman & Mattord, 2012, p. 551). These tests allow the security professionals to determine points of failure that may not have been identified in vulnerability testing, as well as the criticality of the items defined in the vulnerability tests. These tests can be performed in one of two ways, either with or without knowledge of the organization's information technology infrastructure. These two tests are known as white-box (with knowledge) and black-box (without) tests (Whitman & Mattord, 2012). Penetration testing can also refer to the probing and breaching of physical security in a test situation.

A considerable amount of literature has been written on the subject of penetration testing, primarily discussing methods for performing these tests. Some literature deals with new methods of testing that yield the largest amount of data regarding security flaws, while other papers discuss how to perform penetration testing with the least impact on the organization as a whole. In their 2010 paper for the Annual Computer Security Applications Conference, Dimkov and associates discussed how to perform physical penetration testing using social engineering. Dimkov and