Description
You have recently joined Saudi-Technic, a premier security-consulting firm just outside of Riyadh, Saudi Arabia. Saudi-Technic has been approached by a large manufacturing company in Medina to evaluate and test the security of its network. However, the job is not without its challenges. While the information technology (IT) director understands the value and need for a security and penetration test, other individuals in upper management do not.
You have been asked to prepare a presentation to describe what penetration is and the value that it brings to the organization.
Deliverables:
Prepare and submit a presentation briefing in Microsoft Word. This should be geared towards a non-technical executive management team.
The briefing should include the following elements:
- A description and overview of penetration testing.
- The value of penetration testing to the organization.
- Demonstrate with case studies, relevant media or news events, etc. use at least two examples from the Middle East.
- A description of at least four types of security tests that will be provided.
- An explanation of how the results of the penetration test will help improve security.
- The cost efficiency and reliability of the system after the pen test
- Conclusion
The presentation briefing should be 6-7 pages in length, not including the title and reference pages, and should cite at least six scholarly resources other than the course materials. Be sure to cite and reference all sources used. Your paper should follow the academic writing standards and APA style guidelines, as appropriate.
It is strongly encouraged that you submit all assignments to the Turnitin Originality Check prior to submitting it to your instructor for grading. The similarity should be less than 20%
Explanation & Answer
Find the completed work
Running Head: THE VALUE OF PENETRATION TESTING TO AN ORGANIZATION
The Value of Penetration Testing to an Organization
Name
Instructor’s Name
Institutional Affiliation
Course Code
Date
1
THE VALUE OF PENETRATION TESTING TO AN ORGANIZATION
The Value of Penetration Testing to an Organization
Introduction
It is vital that an organization safeguards its intellectual property. The organization is
mandated to secure both the company’s and client’s information from malicious attacks. My
new job at Saudi Arabia based company known as Saudi-Technic is to provide information to
evaluate and test the security of the network of a manufacturing company in Medina. One of
my recommendations is penetration testing. The management of the company, however, does
not understand the value of penetration. Penetration testing is one of the most applicable
solutions that tests and confirms the level of security of an organization’s IT systems and
infrastructure. The purpose of this essay is to answer the question of whether penetration is
worth it. It seeks to enable the management to understand the value of penetration testing.
What is a Penetration Test?
A penetration test refers to the process of exploiting uncovered vulnerabilities that an
organization’s IT assets and systems might be exposed to. It is a security investment that is
meant to assess the security of an organization. Penetration testing is more about breaking
into the network of a company (Engebretson, 2013). The company will hack into the Medina
based manufacturing company to see if it will bypass detection so as to gain measures
necessary to strengthen the security of the organization. Penetration testing detects and
exploits the susceptibilities of an organization by compromising the security of an
organization. It is part of the solution to an existing problem as it replicates the threats to an
organization. The result is that the organization will be able to understand the threats relevant
to its systems and IT assets and will seek ways to improve the systems.
2
THE VALUE OF PENETRATION TESTING TO AN ORGANIZATION
Importance of Penetration Test
An organization should always work on not only solving the problems they have but
should also focus on what they do not have. The management of Saudi-Technic is not
receptive of penetration tests as they are unsure whether the test addresses a need when the
need does not solve the problem. The answer lies in the fact that that the Medina based
manufacturing company does not have a problem but has a need in understanding the degree
of its security so that it can strengthen its systems and seal any loops. In addition to boosting
the security of a company, penetration testing allows one to prioritize their resources and
subsequently brings certainty to the organization. This is due to the fact that they give a
perspective on the technical risk the company is in. The organization will get a customized
view to the prevalent risks the company is susceptible to. With the results of the tests, the
company will be able to prioritize the threats so as to seek solutions to the threats that are
most likely to negatively breach the security of the organization. This is because the pertinent
issues brought forth by the penetration tests are ranked in accordance to its severity. This
means that the organization will give credence to the more severe risks (Basta, A., Basta, N.,
Brown, 2013). The result is that the organization will save money handling issues that present
the highest risk rather than spending time and money on preventing risks that do not even
affect the organization in any way.
An organization has to test its cyber security systems in order to understand how well
the business will respond to the threats posed by hackers. A penetration test differs from a
security audit in that in as much as a security audits assess the trends and potential
vulnerabilities, a penetration tests goes the extra mile to ascertain how precisely the system
will behave in the event there is a breach to the systems (Bacudio, Yuan, Chu, Jones, 2011).
It is vital for a business to comprehend and understand how detrimental an attack may be and
3
THE VALUE OF PENETRATION TESTING TO AN ORGANIZATION
how to prevent them before they occur. Penetration testing will enable the Medina based
manufacturing company to take note of high risk vulnerabilities that may be noted after a
certain sequence of low risk vulnerabilities have been assessed.
Case Studies that Confirm the Success of Penetration Testing
A penetration test can be equated to a health check whereby a person does not know
what he or she is ailing from until a physician checks. Understandably, most reputable
companies do not like security companies broadcasting the nature of the susceptibilities
identified in their systems. For instance, no one would wan...
Review
Review
