Security Management Programs and Oversight: Pen Testing Flashcards
What is penetration testing?
Penetration testing is often a key element during the audit and assessment phase of a management initiative for a security program.
Physical
Physical: Involves authorized individuals attempting to breach an organization’s physical security measures, such as access controls, barriers, and surveillance systems, to assess vulnerabilities and test the effectiveness of its defenses. This process helps identify weaknesses that could be exploited by anyone seeking unauthorized access to facilities or sensitive areas.
Offensive
Offensive: Offensive penetration testing, often referred to as pen testing or ethical hacking, aims to simulate cyberattacks from the perspective of malicious actors. The goal is to identify vulnerabilities and weaknesses that real attackers could exploit.
Simulate cyberattacks
Red Team
Broad Scope
Reporting
Defensive
Defensive: Defensive penetration testing, also known as blue teaming or defensive security testing, focuses on evaluating an organization’s existing security controls and incident response capabilities.
Blue team
Focus on security controls
Effectiveness
Tends to be smaller scope
Integrated
Integrated: Combines offensive and defensive penetration testing.
Purple Team
Continuous assessment
Customized scenarios
Reporting