Why is your organization seeking a network security assessment?
- To fulfill a security policy?
- To meet a client requirement?
- To achieve regulatory compliance?
- To provide Meaningful Use Attestation?
There are two different types of testing that you might want to consider:
Vulnerability Tests are designed to yield a prioritized list of vulnerabilities and are generally for organizations who understand they are not where they want to be or don’t know where they are in terms of security. This would be a first step in understanding and addressing your network security. The organization realizes they probably have issues and simply need help identifying and prioritizing them.
Penetration Tests are designed to achieve a specific, attacker-simulated goal and should be requested by organizations who are confident they are at their desired security posture. The deliverable for a penetration test is a report of how security was breached in order to reach the agreed-upon goal (and often how to remediate).