Are most companies having 3rd party pen-tests performed on a regular basis?

0
Posted

Are most companies having 3rd party pen-tests performed on a regular basis?

0

Most regulations and industry guidance documents recommend at least an annual 3rd party penetration testing. I would agree with the other respondents that annual is the normal time period companies hire a 3rd party for this type of service. Penetration testing is also evolving to include social engineering, war dialing, and other on-site activities. A healthy security program should certainly focus on critical (or “most important” as defined under Sarbanes Oxley) assets, but do so through a rotation ensuring a full vetting of all possible attack vectors.

Related Questions