Penetration testing was all we heard about during the Internet boom, but the craze seems to have waned over the past few years. This form of assessing information risks -- now with the 21st-century moniker of ethical hacking -- is making a comeback. People are starting to see that thinking like hackers to protect against hackers is a solid part of an overall information risk management program.
Rather than hashing out the same ethical hacking pros and cons we've seen documented over the years, I want to share with you 10 lessons I've learned both from my own experiences and from watching others succeed and fail. Hopefully you can use a tip or two to get the most bang for your ethical-hacking buck.
If you can incorporate into your ethical hacking efforts even just a few of these 10 lessons I've learned over the years, I know they'll make your job as a security manager a little easier; after all, every little bit counts.
About the author
Kevin Beaver, CISSP, is president of the Atlanta-based information security consulting firm Principle Logic, LLC. He is the author of the new book Ethical Hacking for Dummies by John Wiley and Sons. In addition, he is co-author of the new book The Practical Guide to HIPAA Privacy and Security Compliance by Auerbach Publications as well as author of the book The Definitive Guide to E-mail Management and Security by Realtimepublishers.com. Kevin is a columnist and expert advisor for SearchSecurity.com and serves as Secretary of InfraGard Atlanta. He earned a bachelor's degree in Computer Engineering Technology from Southern Polytechnic State University and a master's degree in Management of Technology from Georgia Tech.
For more information on this topic, listen to the webcast Audits, assessments and penetration tests, oh my! with guest speaker Ira Winkler, Chief Security Strategist for HP Consulting, North America.