Learn more at http://www.coresecurity.com/solutions/consolidating-prioritizing-vulnerabilities
© 2014 Core Security
Closing the Loop on Vulnerability Management
Vulnerabilities
• Vulnerabilities represent potential damage
• Difficult to use in convincing arguments
• Provide the opportunity to accept risk without pain
Penetration Testing
• The ability to exploit a vulnerability removes ambiguity
• Successful exploits demonstrate tangible consequences to the business
• Almost all penetration tests expose unauthorized access to data
The Key to Successful Risk Management
• The ability to demonstrate tangible consequences of risk acceptance
• Effective penetration testing makes accepting risk uncomfortable
• The combination of identified vulnerabilities and demonstrated exploitation provides a persuasive argument against risk acceptance
Phased Approach
• Resistance to penetration testing can be overcome over time
• Start in the lab
• Move to non-essential systems
• Build trust to test critical production systems
Penetration Testing Should Not be Optional
• Vulnerability assessment without penetration testing only reveals part of the problem
• Don’t force yourself to make a convincing argument for security without one of the most persuasive tools