CSW S1, E36 - What Is Penetration Testing and Why Is It Important?

CSW S1, E36 - What Is Penetration Testing and Why Is It Important?
Fred Cobb – CISO and VP of Services, InfoSystems
Garrett Boyd – vCIO and Security Engineer, InfoSystems

This episode of the Cybersecurity Weekly Podcast is Part 20 of our series on the Center for Internet Security Top 20 Controls. Here's a quick list of where we're at:

Basic CIS Controls 1-6
Foundational CIS Controls 7-16
Organizational CIS Controls
17. Implement a Security Awareness and Training Program
18. Application Software Security
19. Incident Response and Management
20. Penetration Tests and Red Team Exercises

In this episode, Fred and Garrett discuss the last CIS Control, Penetration Tests and Red Team Exercises. This control focuses on testing the security measures already in place within your organization. Penetration Tests and Red Team Exercises are most impactful when a company has taken action against the first 19 CIS Controls (following the CIS Top 20 Cybersecurity Controls).

How often does your organization test its defense strength? Its defenses include its technology (i.e. firewall, anti-virus), infrastructure (i.e. policies, programs), and people. If your organization has never tested its defense strength, now is a good time to consider it. This episode explores two ways you can test your organization's defense strength: Penetration Testing and Red Team Exercises. These practices imitate cyber-attacks, look at attacker's objectives and actions, and search for your organization's vulnerabilities. These exercises are educational for any organization and provide valuable insight.

You can implement these CIS controls yourself, but it may cost you a substantial amount of time, money, and effort. There are Cybersecurity experts who specialize in getting these controls set up for hundreds of organizations.

Listen to the full episode to learn how your business can begin following the Center for Internet Security Top 20 Controls and make your company more secure.

More Information
We'd love to hear your feedback. If you have any questions, you can text us at 423-697-9528 or email marketing@infosystems.biz.

This episode discusses the final control of the CIS (Center for Internet Security) "Top 20 Controls." The Top 20 Controls are a set of prioritized best practices designed to help organizations protect themselves from cyber-attacks. It is a framework for every organization, whether you have a full department of IT support or don't have security programs or measures in place. You can learn more about the 20 CIS Controls here.

See the break-down of these CIS Controls' Sub-Controls here.

Discover how other organizations are using these controls here.

Download the CIS Controls for more details on implementing this and the other 19 Controls here.