Due to the high cost of penetration testing, I usually recommend that mature security programs consider it. If you're currently building up your security infrastructure and lacking several major pieces, invest your budget there first. Otherwise, the penetration test will only uncover vulnerabilities that you're already aware of. On the other hand, if you deploy penetration testing to evaluate a fully implemented infrastructure, you...
might gain valuable insight on potential weaknesses.
Dig deeper on Security Testing and Ethical Hacking
Related Q&A from Mike Chapple, Enterprise Compliance
The HHS security risk assessment tool is designed to help healthcare providers meet the HIPAA security requirement. Expert Mike Chapple explains how ...continue reading
PCI DSS requirement 6.6 demands application security compliance through one of two options: an application firewall or a code review. Expert Mike ...continue reading
Are HIPAA-compliant hosting services a better option for compliance than a secure storage API? Expert Mike Chapple analyzes.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.