Security Testing
All networks have vulnerabilities: flaws in hardware or software that allow an attacker to access your data or take control of your systems.
Find them before an attacker does.
Vulnerability Assessment
Utilizes specialized software to scan a network against a database of known vulnerabilities so they can be corrected. All networks require periodic scans, usually weekly or monthly. A re-scan is especially important after any network change.
Frequency: Weekly or Monthly, and after any network change.
Time required: 24 to 72 hours
Penetration Testing
Real-world simulation of actual attacks on a network. Required for high-security networks. It must be performed manually by a specialist knowledgeable in attack methodologies. Some companies claim to utilize automated penetration testing software, but it’s really just an expensive deep vulnerability scan.
Frequency: Yearly, and after any major network change.
Time required: 1 to 4 weeks
Social Engineering Testing
Tests staff effectiveness against social engineering attacks such as phishing and whaling. Should be used as a reinforcement tool in conjunction with staff cyber defense training. Arguably the most important of all the security efforts. Training and testing of staff must be an ongoing process.
Frequency: Monthly training, and periodic surprise testing.
Time required: a few days, then periodic.