Whether it’s done to meet compliance requirements or just as a general best practice, most organizations are now testing their own networks for security weaknesses, and if they’re not, they should be. The many different types of tests can be confusing for the uninitiated; we will take a look at the common types with their strengths and weaknesses.
It’s not that fixing Critical and High-Severity vulnerabilities is the problem; it’s that the Medium and Low severity vulnerabilities can pose significant risks as well. For any given vulnerability, we need to distinguish between its severity and the risk that results from it being present on a particular system on our network.
Ideally a penetration test should simulate a real world attack; in the real world, the attacker will always have some objective beyond “get into the network.” No matter who the attacker is, they are motivated by something that they are trying to accomplish – and getting into the network is only one step in that process for the attacker.
The 1995 bombing of the Alfred P. Murrah Federal Building in downtown Oklahoma City, OK, changed the state of Oklahoma and the country as a whole forever, but it didn’t stop businesses and families from calling it home, including GE’s new Oil & Gas Technology Center (OGTC), in Oklahoma City. Learn how the OGTC is a shining example of high-tech security with GE’s historically customer centered beliefs and strategy. Also in this issue: why smart cards are increasingly being embedded into mobile devices and wearables, what role certifications play in your career, and much more!