What really happens during penetration testing? Three Crowe professionals detail what to expect in the first of a two-part series.
Penetration testing has become a familiar term in the past few years, but it still generates considerable confusion. Penetration testing – also referred to as pen testing or ethical hacking – is specifically required by regulatory agencies in various industries. In addition to being a compliance task, pen testing is a valuable cybersecurity tool. Misunderstandings about pen testing and the various ways in which it can be applied leave many executives wondering, “What should I expect to happen, and what is the value I should expect to derive?” This two-part series will help answer some of those questions.
The process at a glance
Despite its widespread use, the term itself is often misunderstood. In many cases, those responsible for giving final approval to a pen testing plan are not exactly sure what they’re buying – or what to expect when the project begins. What’s more, they often do not have objective criteria for evaluating the completeness and effectiveness of the test, and they do not fully understand what to do with the results.