search menu icon-carat-right cmu-wordmark

Penetration Tests Are The Check Engine Light On Your Security Operations

January 2020 White Paper
Allen D. Householder, Dan J. Klinedinst

A penetration test serves as a lagging indicator of a network security operations problem. Organizations should implement and document several security controls before a penetration test can be useful.


Software Engineering Institute


Penetration testing is a way of testing your security controls against realistic attacks. However, it assumes that you have a known set of controls to test. Just as you wouldn't build a vehicle maintenance plan based on the check engine light alone, it's suboptimal to start improving network security operations with a penetration test.