Bringing business to the Web is in and of itself risky business, just through the act of taking data from the inside network to the outside network. Data that was once protected by routers and firewalls is brought through the layers of security with remote procedure calls and database queries and made available to the public network. Part one of this series provided a general discussion of ROSI (Return on Security Investment) and likened performing penetration testing to having a health physical. Part two focused on defining penetration testing as a subset of a security assessment, by introducing information asset valuation and risk management concepts. Part three discussed asset valuation, risk analysis, the need for layered security, the reality of today's complex information systems, and argued the value of Pen Testing. In this, the last article of the series, we will discuss a Pen Test process and make final assertions about how ROSI can be shown.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
