Due to the high cost of penetration testing, I usually recommend that mature security programs consider it. If
you're currently building up your security infrastructure and lacking several major pieces, invest your budget there first. Otherwise, the penetration test will only uncover vulnerabilities that you're already aware of. On the other hand, if you deploy penetration testing to evaluate a fully implemented infrastructure, you might gain valuable insight on potential weaknesses.
Dig deeper on Security Testing and Ethical Hacking
Related Q&A from Mike Chapple, Enterprise Compliance
Should companies obtain U.S. security clearance to join the Enhanced Cybersecurity Services program? Mike Chapple offers his perspective.continue reading
Does a Web application security assessment termed 'compliance ready' seem too good to be true? Learn its role in an enterprise compliance program.continue reading
Learn how hiring the right PCI DSS-compliant service providers, especially payment services providers, can reduce your compliance burden.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.