Information security audit – is an independent evaluation of the current state of information security system. It establishes the level of compliance with particular criteria and provides results in the form of recommendations.
IS audit allows getting the most comprehensive and objective evaluation of information system security, localize problems and develop an effective IS management system building program organization.
Within the IS audit, or as a separate project, dedicated testers can carry out penetration test service to verify company information system's ability to resist attempts to infiltrate your network and unauthorized exposure to information.
Penetration testing is needed to identify the possible scenario of penetration into the network with the achievement of different goals (capture or administrative rights in the domain database, creating traces of an attacker compromising critical systems).
Penetration testing allows you to get an objective assessment of how easy it is to exercise unauthorized access to resources on the corporate network or website of your company, how, through what vulnerabilities or through any flaws in the system.
Conducting penetration testing allows you to test the level of security systems and the level of maturity of the ISMS.
External penetration test is performed from the public networks and simulates the behavior of the attacker, who attacks from the Internet (using social engineering, and without it).
External penetration tests vary in scope initially provided information specialist, performing the test.
No comments:
Post a Comment