CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits

By James S. Tiller

CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits details the methodologies, framework, and unwritten conventions penetration tests should cover to provide the most value to your organization and your customers. Discussing the process from both a consultative and technical perspective, it provides an overview of the common tools and exploits used by attackers along with the rationale for why they are used.

From the first meeting to accepting the deliverables and knowing what to do with the results, James Tiller explains what to expect from all phases of the testing life cycle. He describes how to set test expectations and how to tell a good test from a bad one. He introduces the business aspects of testing, the imposed and inherent limitations, and describes how to deal with those limitations.

The book outlines a framework for protecting confidential information and security professionals during testing. It covers social engineering and explains how to tune the plethora of techniques to make the best use of this investigative tool within your own environment.

Ideal for senior security management and anyone else responsible for ensuring a sound security posture, this reference depicts a range of possible attack scenarios. It illustrates the complete cycle of attack from the hacker's perspective and presents a comprehensive framework to help you meet the objectives of penetration testing, including deliverables and the final report.


Similar Security books

Cyber War: The Next Threat to National Security and What to Do About It

Author of the number one New York Times bestseller Against All Enemies, former presidential advisor and counter-terrorism expert Richard A. Clarke sounds a timely and chilling warning about America's vulnerability in a terrifying new international conflict: cyber war! Every concerned American should read this startling and explosive book that offers an insider's view of White House 'Situation Room' operations and carries the reader to the frontlines of our cyber defense.

Hacking Exposed: Network Security Secrets and Solutions, Sixth Edition

The world's bestselling computer security book, fully expanded and updated. "Right now you hold in your hand one of the most successful security books ever written. Rather than being a sideline participant, leverage the valuable insights Hacking Exposed 6 provides to help yourself, your company, and your country fight cyber-crime."

Information Security: The Complete Reference, Second Edition

Develop and implement an effective end-to-end security program. Today's complex world of mobile platforms, cloud computing, and ubiquitous data access puts new security demands on every IT professional. Information Security: The Complete Reference, Second Edition (previously titled Network Security: The Complete Reference) is the only comprehensive book that offers vendor-neutral details on all aspects of information protection, with an eye toward the evolving threat landscape.

Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition

Cutting-edge techniques for finding and fixing critical security flaws. Fortify your network and avert digital catastrophe with proven strategies from a team of security experts. Completely updated and featuring 12 new chapters, Gray Hat Hacking: The Ethical Hacker's Handbook, Fourth Edition explains the enemy's current weapons, skills, and tactics and offers field-tested remedies, case studies, and ready-to-deploy testing labs.

Additional resources for CISO's Guide to Penetration Testing: A Framework to Plan, Manage, and Maximize Benefits


Legal Restrictions

Despite legal documentation put in place to protect the tester from normal activities that under ordinary circumstances would be considered illegal, a virtual line remains separating the typical attack process from an act of terrorism. For example, there is a significant step between installing a Trojan on a remote system and releasing a worm on the Internet. There is a difference between a tester identifying a vulnerability that has the potential to shut down a city power grid and actually exploiting the vulnerability. It is doubtful there exists any legal documentation that could withstand the intentional act of perceivable terrorism or complete negligence on behalf of the tester in a court of law. Any attack that has the potential for serious damage or personal injury, or negatively affects people or companies, is a line a consultant cannot cross, and typically he operates at a point well before the virtual line between acceptable and devastating. Of course, this restriction does not apply to a hacker, who will go to any length to obtain her goal. Therefore, the legal ramifications for hacking, at least until recently, are negligible and represent a minor deterrent to the hacker. The only redeeming feature is that some of the more atrocious acts carry a substantial price if the hacker is caught, reducing the likelihood of massive, devastating attacks, but not eliminating them altogether. Therefore, the tester may have the initial advantage and comfort in knowing he is protected while performing many of the tests, but the extent to which a consultant is willing to exploit a vulnerability is far less than what a determined hacker would do. The initial legal advantage can quickly become an intellectual disadvantage.

Ethics

In every professional's career he is at some point faced with a dilemma that forces a decision based solely on his ethics. It is safe to say that security professionals have ethics in how they work with customers and others in the industry. With a lack of ethics, as with hackers, there are no limits to the lengths they are willing to go to accomplish a task. Without some form of self-control, the limit is defined only by the willingness to expose one's self to risks. On the surface, the risks are being caught and going to prison, but more extreme examples can include death, as with terrorists. At its most basic level, anything is possible if the attacker is willing to risk everything, and in a mind without ethics, there is no logical governance.

Imposed Limitations

The ability to realize the true value of a penetration test is proportionate to the target organization's interpretation of security and how those assumptions are translated into restrictions placed on the test. Limitations can be introduced by the customer for many reasons, which can range from financial restrictions, which force less time and inherently reduce the scope of the engagement, to restrictions based simply on political positioning, personal perspectives on security, or a misguided attempt to focus the test.
