PENETRATION TESTING LEVEL II – NETWORK EVALUATION Much more hands-on than a Level I assessment. This process looks at external technical risk potential, however does not actively attempt manual intrusions. This Assessment results in a Threat Analysis Report and defines an estimate of the exposure profile of an organization. The following items are explored: External Firewall Ports[…]

PENETRATION TESTING LEVEL I – HIGH LEVEL ASSESSMENT A top-down look at the organization’s policies, procedures, standards and guidelines. A Level I assessment does not usually involve hands-on technical work. During this period a technical system’s security is not actually tested, rather policies and procedures. The following items are explored: New User Requests or Changes Physical Security[…]