Читать книгу CompTIA Pentest+ Certification For Dummies - Glen E. Clarke - Страница 20

If your organization is not governed by regulations that dictate when you need to perform a penetration test, you can create your own schedule that works for you. Hiring an external team of penetration testers can be expensive, so one option may be to create a schedule that uses internal staff to test internal and external assets more frequently than an external company. For example, a schedule could look like this:

 Every 12 months: Penetration testing of internal assets is performed by internal staff.

 Every 12 months: Penetration testing of external assets is performed by internal staff.

 Every 24 months: Penetration testing of internal and external assets is performed by a third-party company.

Using internal staff for penetration testing can help you reduce costs of penetration testing while still performing them on a regular basis. However, you should have a third-party company perform a penetration test at some point because it is a great way to get a real-world picture of your assets’ vulnerabilities.