Due to the high cost of penetration testing, I usually recommend that mature security programs consider it. If you're currently building up your security infrastructure and lacking several major pieces, invest your budget there first. Otherwise, the penetration test will only uncover vulnerabilities that you're already aware of. On the other hand, if you deploy penetration testing to evaluate a fully implemented infrastructure, you might gain valuable insight on potential weaknesses.
Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.