
What Makes a Good ‘Pen Tester’

John Reed Stark | December 8, 2015

Just as maintaining good health requires an annual physical checkup, maintaining robust cyber-security requires an annual cyber-security checkup—but the world of cyber-security checkups is confusing.

First, even the consultant jargon is unclear. Firms sell penetration testing, risk and security assessments, data security audits, application security evaluations, code reviews, and other similarly described services. For purposes of this column, I will put all of them under the label of penetration (or “pen”) testing, which is standard parlance and also considered the lowest common denominator...