ABSTRACT
Testing the efficacy of security systems and networks has become a thriving business for many companies today. The reasons for implementing a security-testing program are varied, and no two organizations will find exactly the same rationale applicable to them. These include:
• Customer Confidence • Legal Protection • New Product/System Testing • Fiduciary Responsibility • Privacy Laws • Insurance Requirements • Government Regulations • International Cooperation • Trade Secret Protection
As the need for increased protection heats up, a flurry of terminology is being thrown around in an effort to impress clients, but it generally ends up just confusing them. Most customers do not know or understand the significant differences among the various security-testing methods, and too many vendors rely upon that ignorance to sell their wares and services.
