Whether it’s done to meet compliance requirements or just as a general best practice, most organizations are now testing their own networks for security weaknesses, and if they’re not, they should be. The many different types of tests can be confusing for the uninitiated; we will take a look at the common types with their strengths and weaknesses.
It’s not that fixing Critical and High-Severity vulnerabilities is the problem; it’s that the Medium and Low severity vulnerabilities can pose significant risks as well. For any given vulnerability, we need to distinguish between its severity and the risk that results from it being present on a particular system on our network.
Ideally a penetration test should simulate a real world attack; in the real world, the attacker will always have some objective beyond “get into the network.” No matter who the attacker is, they are motivated by something that they are trying to accomplish – and getting into the network is only one step in that process for the attacker.
Terrorism is changing. The Center for Cyber & Homeland Security at George Washington University is striving to bring science to the art of security decision-making. What can their research into cyberattacks, terrorism and the evolving threat environment do to help your enterprise? Read about this, sports security, security culture and awareness and more in the July issue.