Are most companies having 3rd party pen-tests performed on a regular basis?
Most regulations and industry guidance documents recommend at least annual 3rd party penetration testing. I would agree with the other respondents that annual is the normal time period companies hire a 3rd party for this type of service. Penetration testing is also evolving to include social engineering, war dialing, and other on-site activities. A healthy security program should certainly focus on critical (or “most important” as defined under Sarbanes-Oxley) assets, but do so through a rotation ensuring a full vetting of all possible attack vectors.