Nick Furneaux & Jims Marchang 
Penetration Testing 
A guide for business and IT managers

Penetration testing is the attempt to professionally break in to an organisation’s systems by exploiting any vulnerabilities, with the goal of determining whether an organisation’s IT systems and resources are secure. As hackers and would-be cyber attackers become increasingly more brazen, penetration testing has become an essential practice.

This BCS guide for business and IT managers, developed in collaboration with CREST, explains the process of penetration testing and the benefits it brings. With contributions from practising penetration testers and information security experts, the book brings together a wide range of expertise, insight, and tips for setting up a penetration testing programme, maintaining it, and responding to the results of penetration tests.

Table of Content

What is penetration testing?

Successful penetration testing: an overview

Regulatory management for penetration testing

Embedding penetration testing within organisational security policies and procedures

Outcome-led and intelligence-led penetration testing

Scoping a penetration test

Penetration test coverage and simulating the threat

Building organisational capability for penetration testing

Commissioning penetration tests 

Selecting tools for penetration testing

Good practice for penetration testing

Role and coverage of reporting

Interpretation and application of report outcomes

Acting on penetration test results 

About the author

The BCS-CREST penetration testing working group are all penetration testing experts from across the security industry. From penetration testers and consultants, to university lecturers specialising in information security, to information security managers, they all have insight to share on preparing, carrying out, and responding to penetration testing.