Answer:
Compliance should actually be viewed as a by-product rather than the end-product. When planning your information security efforts, the goal should be the security of your information assets. Ethical hacking (also called penetration testing) is a critical component of attaining that goal. Penetration testing is like hiring a thief and asking him to try and break into your house so you know how vulnerable your house is to theft. While no organization can do business if it poses as a fully locked house, the goal is to only keep the yard open for business while protecting the inside of the house so that your most precious assets are not vulnerable to thieves. If you can diligently address the vulnerabilities and holes uncovered from periodic penetration tests, you will have increased your organization's security, as well as your level of compliance.
First published on BankersOnline.com 3/16/09
print
share