26 July 2018

Deliver a superior approach to your penetration testing

Many organisations conduct regular penetration tests knowing that, somewhere down the line, the remediation requirements arising from them are not acted upon or are not visible to the wider Risk Management team. This is surprising, and probably even shocking, but according to many sources those organisations are not alone. In fact, the 2018 Nuix Black Report finds: ‘93% of Testers say that after a penetration test, the client would most commonly not fix some or all of the vulnerabilities identified by the testers or investigators.’

Managing and actioning the findings of a penetration test is the most critical activity. Yet companies are obviously still struggling to keep track of their remediation activities, often relying on a combination of SharePoint, email and spreadsheets to action fixes, illustrate the need and obtain acknowledgement that remedial work has been completed. This is a disjointed approach, and one that lacks an auditable process, which in today’s accountable age is absolutely critical.

Organisations need to start untangling themselves from the mess of these old systems, which results in an inefficient and ineffective remediation process. They need a more coherent approach to the identification, recording and monitoring of required fixes, which in turn will give them the assurance that their critical data is safe.

Without that coherent approach, there is little to no assurance that their organisation’s assets are protected. Without overview and accountability, the responsibility for fixing issues raised by those pen test results can be lost.

That’s why here at IRM, we have developed a unique portal for our GRC software platform – SYNERGi. This dedicated penetration testing portal has been adopted by some of our clients. They are already seeing the benefits of greater visibility on which key sites/systems have been tested as well as being able to flag those systems and applications that have NOT been tested.

Furthermore, the portal has been found to enable our clients to make the best use of budget, manage the critical findings as soon as they are reported, and prioritise the retest activity.

If you are interested in learning more about the testing portal, click here to fill out your details. We will then put you in touch with one of our experts who can discuss your individual needs.