Penetration Testing

A guide for business and IT managers

By (author) Nick Furneaux, Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner Edited by James Hayes

Publication date:

11 September 2019

Length of book:

172 pages

Publisher

BCS, The Chartered Institute for IT

Dimensions:

244x170mm
7x10"

ISBN-13: 9781780174082

Penetration testing is the attempt to professionally break in to an organisation's systems by exploiting any vulnerabilities, with the goal of determining whether an organisation's IT systems and resources are secure. As hackers and would-be cyber attackers become increasingly more brazen, penetration testing has become an essential practice. This BCS guide for business and IT managers, developed in collaboration with CREST, explains the process of penetration testing and the benefits it brings. With contributions from practising penetration testers and information security experts, the book brings together a wide range of expertise, insight, and tips for setting up a penetration testing programme, maintaining it, and responding to the results of penetration tests.

What is penetration testing?
Successful penetration testing: an overview
Regulatory management for penetration testing
Embedding penetration testing within organisational security policies and procedures
Outcome-led and intelligence-led penetration testing
Scoping a penetration test
Penetration test coverage and simulating the threat
Building organisational capability for penetration testing
Commissioning penetration tests
Selecting tools for penetration testing
Good practice for penetration testing
Role and coverage of reporting
Interpretation and application of report outcomes
Acting on penetration test results

"This is the first time I’ve encountered a book which manages to combine properly researched good practice for penetration testing with the real requirements of the business community...The authors really know their stuff and I found myself nodding and smiling many times in every chapter. The case studies and examples are pithy and highly relevant. Concepts such as red teaming and intelligence-led penetration testing are clearly explained and contrasted with other forms of testing, helping demystify this complex topic. Each chapter is well laid out and the guidance provided is exactly what managers need to know to get great value from security testing exercises of all types. Over a dozen expert authors have contributed to this book and the results speak for themselves – this is a must read for those responsible for information security in organisations of all sizes."