Today’s post is all about Control 20 of the CSIS 20 Critical Security Controls – Penetration Tests and Red Team Exercises (the last post pertained to Control 19). Here I’ll explore the (15) requirements I’ve parsed out of the control (I used the PDF version) and offer my thoughts on what I’ve found [*].
Key Takeaways
Contract If You Can. My bet is that most organizations don’t need to hire a dedicated penetration testing team. Some do. My recommendation is to find a reputable group of people that do this day in and day out. Have some internal security guys geek out with the red team for a while before, during, and after – they’ll learn from it. But, you’ll probably get more for your dollar by outsourcing this function. Take this with a grain of salt, because your organizational mission and/or industry may dictate otherwise.
SOURCE: tripwire.com