So what should you look for when commissioning such a service? The following points are a start, but are not exhaustive:
Qualifications are essential in this highly technical area. For example, the penetration testing company could be a member of CREST (Council of Registered Ethical Security Testers), a trade association based on recognized technical standards and the highest ethical standards.
There are other certification bodies to consider when evaluating a penetration testing company, such as the new "Tiger Scheme" for advanced professionals, or the EC-Council CEH (Certified Ethical Hacker) certificate. An individual penetration tester can also be a CHECK consultant, which means they are licensed to work on UK government projects.
Individual security testers may also be CREST certified. This qualification, unlike others in the field, includes both theoretical and practical exams, making it extremely rigorous.

However, qualifications are only part of the picture. When hiring a company, it is particularly important to verify its commitment to the highest ethical standards. A penetration tester can gain access to highly sensitive material, and it would be a serious mistake to hire someone who does not have the best interests of your business at heart. You should therefore check how the company vets its security testers; penetration testing companies that employ former hackers should be avoided.
You should also check that the testers' knowledge is up to date. The field of penetration testing is constantly changing, and an active continuing professional development programme is essential for any penetration testing consultant who wants to stay current.
Finally, it is always a good idea to ask for references from previous clients. The security testing firm should be willing to provide these, or to give you the contact details of former customers.