1.5. Engaging a Penetration Testing Team

This chapter covers the basics of physical penetration and its goals. You may be reading this with the intention of engaging a company to carry out a physical test. Before you read any further you should consider the costs, potential benefits and limitations associated with such an exercise. Is this really something you need? Is it really something that your organization will benefit from? Other questions you should ask yourself are these:

  • Do you currently have an all-encompassing security policy?

  • Are you auditing against that policy?

  • What do you wish to learn from the exercise?

  • Are there specific areas you lack confidence in and want tested?

  • Should the test be black box or crystal box?

  • How do you expect your organization to fare?

  • Are you engaging a test to justify additional security budget?

If you don't have a security policy, then implementing one should be your priority. If you don't expect to perform very well in the test, consider why this is and implement additional security controls in these areas. If you don't feel you have sufficient budget and are looking to boost it with demonstrable security weaknesses, then don't worry, you're not alone. In fact, this is the number one reason that companies engage in any form of penetration test for the first time.

Get Unauthorised Access: Physical Penetration Testing For IT Security Teams now with the O’Reilly learning platform.