Penetration Testing

A guide for business and IT managers

By (author) Nick Furneaux, Dr Jims Marchang, Rob Ellis, Jason Charalambous, Moinuddin Zaki, Peter Taylor, Roderick Douglas, Felix Ryan, Ceri Charlton, Gemma Moore, Tylor Robinson, Sharif Gardner Edited by James Hayes

Publication date: 30 Aug 2019

Penetration testing is the methodology of professionally attempting to break in to an organisation's systems by exploiting any vulnerabilities, with the goal of determining whether an organisation's computer systems are secure. As hackers and would-be cyber attackers become more brazen, the importance of penetration testing cannot be stressed highly enough. This essential BCS guide for business and IT managers, in collaboration with CREST, explains the process of penetration testing and the benefits it brings. With contributions from practising penetration testers and information security experts, the book brings together a wide range of expertise, insight, and tips for setting up a penetration testing programme, maintaining it, and responding to the results of penetration tests.
Paperback - £29.99
The BCS-CREST penetration testing working group are all penetration testing experts from across the security industry. From university lecturers specialising in information security, to penetration testers and consultants, to information security managers, they all have insight to share on preparing, carrying out, and responding to penetration testing.

Dimensions: 244x170mm

Print ISBN-13: 9781780174082

150 pages

Imprint: BCS, The Chartered Institute for IT

  1. What is penetration testing?
  2. Successful penetration testing: an overview
  3. Regulatory management for penetration testing
  4. Embedding penetration testing within organisational security policies and procedures
  5. Outcome-led and intelligence-led penetration testing
  6. Scoping a penetration test
  7. Penetration test coverage and simulating the threat
  8. Building organisational capability for penetration testing
  9. Commissioning penetration tests 
  10. Selecting tools for penetration testing
  11. Good practice for penetration testing
  12. Role and coverage of reporting
  13. Interpretation and application of report outcomes
  14. Acting on penetration test results 
"This book demystifies the process of penetration testing, making sure buyers of this service get the most value from the engagement. Due to its plain language it is applicable to non-technical readers as well as IT professionals. It can be used as an awareness tool for the company, with everyone involved in the system development/operational lifecycle, including the asset owner. Definitely worth reading!!”

Denis Onuoha
CISO, Arqiva