Penetration Tests Are The Check Engine Light On Your Security Operations
January 2020 • White Paper
Allen D. Householder, Dan J. Klinedinst
A penetration test serves as a lagging indicator of a network security operations problem. Organizations should implement and document several security controls before a penetration test can be useful.
Abstract
Penetration testing is a way of testing your security controls against realistic attacks. However, it assumes that you have a known set of controls to test. Just as you wouldn't build a vehicle maintenance plan based on the check engine light alone, it's suboptimal to start improving network security operations with a penetration test.