Penetration Testing as an auditing tool

This document summarizes a presentation on regulations updates and penetration testing. The presentation covered recent changes to regulations like the ID Theft Red Flags Rule and PCI standards. It discussed why organizations should perform penetration tests, including to satisfy legal requirements and improve security. Potential vulnerabilities to check for were provided, like default passwords. The presentation included case studies of penetration tests performed and how access was gained through issues like unpatched systems. It emphasized that many security issues can be addressed through better password management, policies and procedures, and patch management.