Question

Lykke's supervisor is evaluating whether to use internal security employees to conduct a penetration test. Lykke does not consider this a good idea and has created a memo with several reasons they should not be used. Which of the following would NOT be part of that memo?

a) Lack of objectivity and fresh perspective.

b) In-depth knowledge of internal systems.

c) Potential conflict of interest.

d) Limited expertise in diverse attack methods.

Answer 1

The option not included in Lykke's memo about internal penetration testing is 'In-depth knowledge of internal systems,' as it's an advantage rather than a concern.

Step-by-step explanation:

The reason that would NOT be part of Lykke's memo as to why internal security employees should not conduct a penetration test is b) In-depth knowledge of internal systems. This is because having an in-depth knowledge of the systems could arguably be seen as an advantage for an internal team conducting a penetration test, as they would be familiar with the intricacies and potential vulnerabilities of their systems. However, the other options listed are legitimate concerns: a) Lack of objectivity and fresh perspective implies that an internal team might miss security flaws they're accustomed to overlooking; c) Potential conflict of interest suggests that internal employees might be reluctant to thoroughly expose weaknesses that could reflect poorly on their work or the work of their colleagues; and d) Limited expertise in diverse attack methods infers that an internal team might not possess the necessary skills to simulate a wide range of external threats.