Penetration Testing

A Penetration Test will actively assess and evaluate the vulnerabilities of a security system, application or process and then exploit those vulnerabilities. The word ‘active’ is emphasised instead of theoretically assessing the vulnerabilities or conducting a paper based audit.

The ability to penetrate is divided into two main categories:

Physical Penetration

Carried out by lone workers or organised teams simulating the current and perceived threat from individuals ‘physically’ gaining access by intrusion.

Technical – Information & Communication Technology (ICT) Penetration

Carried out by lone workers or organised teams ethically hacking into an ICT System and exposing the vulnerabilities. Our consultants are qualified ‘Certified Ethical Hackers’ (CEH).

For both categories, strict Rules of Engagement including any legal documentation will be planned with the client and the Olchon Test Manager. This will ensure Health and Safety is adhered to at all times and Business Continuity is enforced whilst the test is carried out.

It is not always feasible to deliver an active Penetration Test therefore Olchon offers two capabilities:

• External – The Penetration Test audit team, acting in what’s known as the Red Team role, will attempt to penetrate defences with zero knowledge of the system, application or process.
• Internal – the Penetration Test audit team, acting in what’s known as the Blue Team role, will conduct a thorough audit, with knowledge of the systems configuration and security posture, including supporting policy, response mechanisms and security awareness levels.

Reporting and Mitigation

Olchon’s Penetration Test Report will identify and document vulnerabilities, assessing each of them for the Probability of Successful Exploitation (PSE). It will then highlight the mechanisms to mitigate (physical, procedural and/or technical) and advise the client on the increased security measures required, proportionate to the identified PSE.