An Introduction to Penetration Testing

All of the above tests can be performed as a white paper analysis instead of a ‘hands-on’ assessment. This is the preferred choice for those companies who feel they cannot trust outside agencies with their data, even ones security-cleared and government-certified. However, the majority of clients who choose this option do so because it affords a better appreciation of the security implications of their architecture. Although, the client does not get a true review of what could be done in an attack, they do get a report which shows where their systems are most vulnerable and how an attacker might approach the target. The client can then concentrate their security monitoring

Other Resources and Recip Links: EPIC  
ISO 17799 and Gateway Listed