
Penetration Testing (Pen Testing) Packages

IT Governance penetration testing packages are designed to provide a complete solution for the efficient and routine testing of your IT system. Our tests ensure that your networks and applications are genuinely secure against a range of increasingly sophisticated, harmful, and frequent automated cyber attacks. We uniquely offer a combination of fixed-price and custom penetration testing solutions.

IT Governance penetration tests


Types of penetration tests

View this handy comparison table, which summarizes and illustrates the key differences between the different tests.

Maintain your cybersecurity—year in and year out!

Save 15% with our recurring penetration testing packages.

ITG recurring penetration testing packages

Our recurring penetration testing packages are designed to identify vulnerabilities in an IT system and provide advice and recommendations for any corrective measures required. These multiple test packages are designed to meet the needs of organizations of all sizes by providing regular testing to ensure that networks and applications remain secure over time. They will also ensure compliance with security standards such as ISO 27001 and the PCI DSS.

The benefits of IT Governance’s recurring penetration testing packages:

  • Recurring packages provide a comprehensive solution for testing your IT systems, networks, and applications effectively and at a discounted price.
    • Get peace of mind knowing that all of your testing requirements have been taken care of.
    • Lock the price down now and avoid any future price increases.
  • You get the reassurance that your networks and applications are secure against cyber attacks.
  • You will receive a comprehensive technical report identifying potential vulnerabilities and recommended remedial activities for each vulnerability identified.
  • An executive summary of the potential vulnerabilities identified can be used for your management team.
  • An optional presentation of the report findings can be arranged for your management team.

Why IT Governance?

As a CREST member company, IT Governance has been verified as meeting the rigorous standards mandated by CREST. Clients can rest assured that the work will be carried out to rigorous standards by highly qualified and knowledgeable individuals with a solid track record of conducting penetration tests and vulnerability assessments.


How should you select a reliable provider?

A good penetration tester can replicate the types of actions that a malicious attacker would take, which offers your IT teams a much more accurate view of the vulnerabilities within your networks and systems at a specific point in time. Although there are several commercial products that can provide credible testing parameters and results, nothing replaces a hands-on, manual test conducted by a true "ethical hacking" professional, certified by a regulatory organization such as CREST. CREST member companies must undergo a rigorous assessment and registration process that looks at methodologies, test hygiene, staff vetting, and data handling.

Penetration tests and the PCI DSS

The PCI DSS states that penetration testing is mandatory for all Level 1 merchants and service providers and for those organizations that have suffered a breach. It may also be required for other organizations, depending on their compliance requirements. To discuss your testing requirements for PCI compliance, please call us now toll-free on 1 877 317 3454.

ISO 27001 and penetration testing

If you are implementing ISO 27001, a penetration test is crucial during the following ISMS implementation stages:

  • As part of the risk assessment process to uncover vulnerabilities in any Internet-facing IP addresses, web applications, or internal devices and applications.
  • As part of the performance evaluation to ensure that controls actually work as designed.
  • As part of the continual improvement processes to ensure that controls continue to work as required.
  • Whenever significant changes are made to your network infrastructure.

When should a penetration test be conducted?

Given the ever-increasing risk of attack to a network and the continual enhancements and upgrades made to a system over time, IT Governance strongly recommends that a penetration test be conducted on a regular basis. Such testing may also be a requirement for compliance with ISO 27001 and the PCI DSS.

It is recommended that a penetration test be conducted after every major installation or reconfiguration of network infrastructure, particularly if this involves firewalls and dedicated security subsystems.

For smaller organizations that have had no major changes to their IT systems over a period of 12 months, it is recommended that a penetration test be conducted annually (one per year).

For larger organizations that have had no major changes to their IT system over a period of 12 months, it is recommended that a penetration test be conducted quarterly (four per year).

Penetration testing and PCI DSS combined annual contract

To book your penetration testing service or to discuss your requirements, please call us now toll-free on 1 877 317 3454 or email us.