Testing The Intrusion Testers

Question:

Is there a way to determine whether or not an intrusion test provider has adequately tested a system? Are there specific prescribed procedures, methods or tests that should be used?

Answer:

For the most part, you have to rely upon the experience and expertise of the intrusion test provider, unless you have sufficient knowledge about the process to double-check.

Find out from the intrusion test provider what they did and how they did it. Have them explain their methodology, as well as the results.

The most important thing, however, is to do thorough due diligence up front so that you are certain the service provider you choose is competent and knowledgeable.

First published on BankersOnline.com 10/7/02

Testing The Intrusion Testers

Related Q&As

Red Flag Program as Part of Information Security Program

About a Separate Identity Theft Prevention Program

Man-in-the-Browser

Related Tools View All

Privacy Police Tools

Clean Desk Policy & Privacy Citation and Commendation

Information Security Access Assessment

OFAC Updates View All

Sanctions List Search

Specially Designated Nationals List (SDN)

Sanctions Programs and Information

Search Topics