Penetration Testing
Systems Services
- SSAE 16 Resource Center
- SAS 70 Resource Center
- Risk Management Assessment
- SOX 404 IT Controls
- Outsourced Information Technology Internal Auditor
- IT General Controls Review
- Network Vulnerability Assessment
- Agreed-Upon Procedures Engagements
- Auditing Application Controls
- Audit Support for IT General & Application Controls
- Penetration Testing
- TR-39 (formerly TG-3) ATM Audit
- IT Infrastructure
What do you think of when you hear the word “hacker?” For most, the word congers up images of someone breaking into a computer system or network with malicious intent. However, not all hackers are bad. At PKM we have “Good” hackers that can identify and report your computer network security vulnerabilities to management, hopefully before weaknesses are exploited and bad hackers can do harm.
The procedures used by our “good” hackers attempting to successfully break into computer systems are called penetration tests (PenTests). A PenTest is the authorized, scheduled and systematic process of identifying and exploiting known security vulnerabilities with the primary objective of gaining access to a computer host, network or application.
A PenTest by PKM creates a profile of your organization’s systems that can be “seen” from the Internet. This profile is an important indicator of your organization’s vulnerability to hacker attack. A PenTest will not only enlighten you on the systems that can be attacked, but also the information potential hackers can gain from these systems.
The main steps of a PenTest:
- Footprinting: identify public IP addresses hackers may target
- Subnet Scanning: identify systems within those IP addresses that may be potential targets for hackers
- Enumeration: gather information about the available attack routes
- Vulnerability Scan: audit discovered systems for known vulnerabilities
- Gaining Access: penetrate systems and define potential attack impact
- Collecting Evidence: document a successful unauthorized access or attack
- Recommendations: educate on how to eliminate, mitigate or minimize impact of exploits for detected vulnerabilities
Under the current regulatory environment, periodic
PenTests are an integral part of an organization’s
information security program. Penetration testing
plays an essential role in mitigating risks associated
with network and systems vulnerabilities and demonstrating
due diligence in the area of information technology
governance.
Follow this link to see PKM's PenTest postcard series.
| About
Us | People | Services
| Industries | Careers
| Site Map | Home |
Events |
Contact Us |
Copyright 2011. All rights reserved. Secure
Document Transfer or Secure Payment Processing
