Penetration Testing Policy

This document sets forth a company's penetration testing policy. The main objective of penetration testing is to determine security weaknesses within a company's computer system or network that may make it vulnerable to attack from unauthorized parties. This document contains a standard penetration testing policy, but may be customized to reflect a company's specific policy. This provision should be used by a company's human resources department and included in an employee handbook.

Company Penetration Testing Policy


Penetration testing (also called pen testing) is the practice of testing a computer system,
network or Web application to find vulnerabilities and security weaknesses that an
attacker or unauthorized party could exploit. The testing process identifies possible entry
points in the system or network, attempts to break in and reports the findings.

Pen tests can be automated or can be run manually, and are conducted periodically and
without notice to Company employees. [Insert which if any Company staff members will
be notified in non-emergency instances in advance of pen testing.]

A pen test can also be used to test a company’s security policy compliance, its
employees' security awareness and the company's ability to identify and respond to
system or network security incidents.

The purpose of this policy is to grant authorization to appropriate members of the
company’s system or network security team to conduct pen tests. Authorization to scan
the computer assets of a specific division, department or unit or [insert any other
authorized areas if any] may be granted by the [insert titles of employees permitted to
grant authorizations, for example, department manager, Vice President of I/T, etc.]. All
authorizations must be in writing and signed by the employee issuing the authorization.

During the periods when pen testing is in process, the Company’s I/T and/or security
departments will take all precautions to ensure that there is no disruption in system or
network services.

© Copyright 2011 Docstoc Inc.