{"id":1075,"date":"2017-10-04T19:21:07","date_gmt":"2017-10-04T01:21:07","guid":{"rendered":"http:\/\/www.jedge.com\/wordpress\/?p=1075"},"modified":"2018-05-22T20:21:57","modified_gmt":"2018-05-23T02:21:57","slug":"compliance-based-penetration-testing-youre-doing-it-wrong","status":"publish","type":"post","link":"https:\/\/www.jedge.com\/wordpress\/2017\/10\/compliance-based-penetration-testing-youre-doing-it-wrong\/","title":{"rendered":"Compliance Based Penetration Testing &#8211; You\u2019re Doing it Wrong"},"content":{"rendered":"<p>What is a penetration test?  According to the National Institute of Standards and Technology (NIST) a penetration test is defined as the following:<\/p>\n<p><em>A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system. <\/em> &#8211; <a href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53a\/rev-1\/archive\/2010-06-29\" target=\"_blank\">NIST<\/a><\/p>\n<p>This definition is a good example of the one members of audit and compliance teams use when defining a penetration test.<\/p>\n<p>Management processes identify the applicable requirements (defined for example in laws, regulations, contracts, strategies and policies) and assess the state of compliance. Melding the two together does not make for a happy or successful marriage.  This presentation will discuss the pitfalls of penetration tests conducted to meet compliance requirements.  Also highlighted will be suggestions and methods to ensure a compliance based penetration test is more than just checking a box on a risk management questionnaire.  The compliance regulation used as the example will be the Payment Card Industry Data Security Standard (PCI-DSS).<br \/>\n<!--more--><br \/>\nThis presentation also focuses on how to properly conduct a penetration test.  
A proper test can be summed up by the following quote:<\/p>\n<p><em>Successful penetration testers don&#8217;t just throw a bunch of hacks against an organization and regurgitate the output of their tools. Instead, they need to understand how these tools work in-depth, and conduct their test in a careful, professional manner. This course explains the inner workings of numerous tools and their use in effective network penetration testing and ethical hacking projects. <\/em> &#8211; <a href=\"https:\/\/pen-testing.sans.org\/instructors\/author\" target=\"_blank\">Ed Skoudis<\/a><\/p>\n<p>As part of <a href=\"http:\/\/cybersecurity.kennesaw.edu\/\" target=\"_blank\">Cyber Security Awareness Day<\/a> at Kennesaw State University I gave a presentation on this topic.  The presentation can be found <a href=\"https:\/\/youtu.be\/kzUaZUbzRSI\" target=\"_blank\">here<\/a>.<\/p>\n<p><a href=\"https:\/\/youtu.be\/kzUaZUbzRSI\" target=\"_blank\"><img decoding=\"async\" src=\"http:\/\/ksutv.kennesaw.edu\/images\/events\/00030081.jpg\"><\/a><\/p>\n<p>Resources<br \/>\n<a target=\"_blank\" href=\"https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53a\/rev-1\/archive\/2010-06-29\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-53a\/rev-1\/archive\/2010-06-29<\/a><br \/>\n<a target=\"_blank\" href=\"https:\/\/pen-testing.sans.org\/instructors\/author\">https:\/\/pen-testing.sans.org\/instructors\/author<\/a><br \/>\n<a target=\"_blank\" href=\"http:\/\/ksutv.kennesaw.edu\/play.php?v=00030081\">http:\/\/ksutv.kennesaw.edu\/play.php?v=00030081<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>What is a penetration test? According to the National Institute of Standards and Technology (NIST) a penetration test is defined as the following: A test methodology in which assessors, using all available documentation (e.g., system design, source code, manuals) and working under specific constraints, attempt to circumvent the security features of an information system. 
&#8211; [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[6],"tags":[148,56,54],"class_list":["post-1075","post","type-post","status-publish","format-standard","hentry","category-fyi","tag-compliance","tag-penetration-testing","tag-presentation"],"_links":{"self":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/1075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/comments?post=1075"}],"version-history":[{"count":6,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/1075\/revisions"}],"predecessor-version":[{"id":1081,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/posts\/1075\/revisions\/1081"}],"wp:attachment":[{"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/media?parent=1075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/categories?post=1075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jedge.com\/wordpress\/wp-json\/wp\/v2\/tags?post=1075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}