Penetration Testing Services

Internal/External Penetration Testing

A penetration test is a method of evaluating the security of a computer system, network or application by simulating an attack by a malicious hacker. The process involves an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security vulnerabilities. Penetration testing can be performed outside the external security perimeter or internal to the external security perimeter.

What can penetration testing do for you?

Penetration testing helps an organization to realistically evaluate the strength of its security management program and identifies the areas for improvement in people, processes and technology that are necessary to keep hackers and thieves from gaining access to, modifying or destroying confidential information. ControlCase’s Penetration Testing services help our clients improve their security management program more rapidly and cost effectively.

ControlCase Penetration Testing Services

ControlCase Penetration Testing Services are flexible and can be tailored to meet specific client requirements. Our overall methodology is modeled after the Open Source Security Testing Methodology Manual (OSSTMM), an open standard that is a peer-reviewed, comprehensive security testing methodology besides a tried and tested method of security assessment.

The scope of our testing addresses: computer and telecommunications networks; information data controls; wireless devices; mobile devices; security processes; fraud; security awareness levels; social engineering control levels; physical security access controls; and physical locations.

All security issues that are identified are presented to the client together with an assessment of impact and recommendations for mitigation or a technical solution.

Client Benefits

• The ControlCase External Penetration Test simulates an external attacker on the Internet and determines what information an attacker can gather and use to compromise the client’s network.
• The ControlCase Internal Penetration Test serves as an objective and independent verification and validation of the effectiveness of the organization’s information security program.
• Our service is designed to help client comply with industry-driven regulatory requirements and standards such as PCI DSS, ISO 27002 and HIPAA.
• Our services are enabled using the CC-GRC portal which provides our clients with the ability to closely monitor engagement progress.

Service Frequency

ControlCase Penetration Testing Services can be performed as a standalone service or can be bundled with other ControlCase Managed Compliance Services as desired.

Penetration tests can be a one-time project or can be scheduled to occur multiple times a year on a routine cycle. Each test is preceded by confirmation from our MCS team regarding the scope of the test.