
Content provided by qpcsecurity. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by qpcsecurity or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined at https://tr.player.fm/legal.

The Real Skinny on Penetration Testing: Debunking the Myths

19:03
 

Welcome to Breakfast Bytes with Felicia King. Today, we delve deep into the often-misunderstood realm of penetration testing. As business owners grapple with the necessity and costs associated with these tests, Felicia demystifies the process, drawing from her three decades of cybersecurity expertise.

In this episode, discover why traditional penetration testing might just be a costly theater act and learn the importance of continuous vulnerability assessments. Felicia shares compelling anecdotes and practical advice on how to genuinely safeguard your business without burning through your budget.

Join us as we explore the intricate dance between IT teams, automated tools, and the critical decisions that can make or break your company's security posture. This is not just another tech talk; it’s a narrative that could redefine how you view cybersecurity investments.

Quick recap

Felicia emphasized the importance of understanding the objectives of the test, and cautioned against overpaying for tests that may not be necessary or effectively scoped.

Next steps

• IT team to implement continuous vulnerability assessment and penetration testing platforms for regular, automated security checks.

• CTO/CSO to assess and oversee the implementation of security tools like Tenable One and Senteon for secure configuration management.

• Executive management team to allocate budget and provide support for IT department/MSP to implement necessary security changes and tools.

Summary

Test Scope and IT Consultancy Management

Felicia also advised that the test should be scoped correctly and conducted by the IT consultancy that manages the company's networks, servers, and applications. She cautioned against overpaying for tests that may not be necessary or effectively scoped.

External Testing Approach and COTS Definition

She argued that the approach of bringing in an external third party to conduct a test without proper consultation and scope can lead to incorrect results. She emphasized that this approach would be more effective in identifying and addressing vulnerabilities, and would provide demonstrable results. Felicia also clarified the term 'COTS' as defined by the National Institute of Standards and Technology in the context of information security technology.

Enhancing IT Configuration for Business Acquisition

She argues that this approach provides more meaningful and actionable information, enabling IT configuration personnel to effectively address identified gaps. Felicia also highlights the importance of using recognized and professional tools like Tenable One and Senteon for secure configuration management. She emphasizes that this approach offers a better return on security investment and is more beneficial for businesses seeking to be acquired.

IT Testing and Business Decision Makers' Guidance

She suggests that business decision makers should provide clear direction and funding for IT before such tests are conducted.
