Penetration Testing
A guide for business and IT managers
Published on 11. September 2019
150 pages
978-1-78017-410-5 (ISBN)
Description
Penetration testing is the attempt to professionally break in to an organisation's computer systems, with the goal of determining whether the systems are secure.
This guide for business and IT managers, developed in collaboration with CREST, explains the process of penetration testing and the benefits it brings. The book provides essential insight and tips for setting up a penetration testing programme, maintaining it, and responding to the results of penetration tests.
This guide for business and IT managers, developed in collaboration with CREST, explains the process of penetration testing and the benefits it brings. The book provides essential insight and tips for setting up a penetration testing programme, maintaining it, and responding to the results of penetration tests.
Reviews / Votes
"This is the first time I've encountered a book which manages to combine properly researched good practice for penetration testing with the real requirements of the business community...The authors really know their stuff and I found myself nodding and smiling many times in every chapter. The case studies and examples are pithy and highly relevant. Concepts such as red teaming and intelligence-led penetration testing are clearly explained and contrasted with other forms of testing, helping demystify this complex topic. Each chapter is well laid out and the guidance provided is exactly what managers need to know to get great value from security testing exercises of all types. Over a dozen expert authors have contributed to this book and the results speak for themselves - this is a must read for those responsible for information security in organisations of all sizes." -- Peter Wood FBCS CITP CISSP M.Inst.ISP * Partner, Naturally Cyber LLP and Founder, First Base Technologies LLP * "This book demystifies the process of penetration testing, making sure buyers of this service get the most value from the engagement. Due to its plain language it is applicable to non-technical readers as well as IT professionals. It can be used as an awareness tool for the company, with everyone involved in the system development/operational lifecycle, including the asset owner. Definitely worth reading!!" -- Denis Onuoha * CISO, Arqiva * 'How do you deliver and get real value out of penetration testing? How do you access and utilise available skills and services to intelligently manage risk, focusing on threats and continuous protection of valuable assets?There are plenty of great books covering technical aspects of penetration testing. This book mainly avoids those, focusing more on its organisation and execution. It points to the guidance of respected organisations, such as CREST and SANS, enabling deeper reading. It highlights red teaming and intelligence-driven approaches - these mature testing, enabling fine-tuning of organisational defences. Coverage includes traditional information systems and cloud services, and assurance within agile delivery methods.
I would have liked to have had this book to hand when I started in infosec twenty years ago. It's a useful reference for managing penetration testing as part of wider information security programmes, and when setting up or running cybersecurity capabilities for clients.' -- Robert J. Lockwood MSc, CISSP, CISM * Director, Fusion Cell * 'A useful introduction to the practice of penetration testing.' -- Dave Hay * Software Engineer, IBM Cloud Hyper Protect Services *
More details
Language
English
Place of publication
Swindon
United Kingdom
Publishing group
BCS Learning & Development Limited
Target group
Professional and scholarly
ISBN-13
978-1-78017-410-5 (9781780174105)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Book
09/2019
BCS, The Chartered Institute for IT
€40.30
Shipment within 3-4 weeks
Persons
The BCS-CREST penetration testing working group are all penetration testing experts from across the security industry. From penetration testers and consultants, to university lecturers specialising in information security, to information security managers, they all have insight to share on preparing, carrying out, and responding to penetration testing.
Content
What is penetration testing?
Successful penetration testing: an overview
Regulatory management for penetration testing
Embedding penetration testing within organisational security policies and procedures
Outcome-led and intelligence-led penetration testing
Scoping a penetration test
Penetration test coverage and simulating the threat
Building organisational capability for penetration testing
Commissioning penetration tests
Selecting tools for penetration testing
Good practice for penetration testing
Role and coverage of reporting
Interpretation and application of report outcomes
Acting on penetration test results
Successful penetration testing: an overview
Regulatory management for penetration testing
Embedding penetration testing within organisational security policies and procedures
Outcome-led and intelligence-led penetration testing
Scoping a penetration test
Penetration test coverage and simulating the threat
Building organisational capability for penetration testing
Commissioning penetration tests
Selecting tools for penetration testing
Good practice for penetration testing
Role and coverage of reporting
Interpretation and application of report outcomes
Acting on penetration test results
