ABSTRACT
To ensure the test is valuable to the overall security program, in addition to being financially effective, the demands of the business must be understood. Moreover, the perception of security by the management and the sponsor of the test needs to be evaluated. What are the goals of the test? What is the scope? What are the limitations and why? Finally, what elements of the test are going to be employed, to what granularity, and are they going to expose vulnerabilities that relate to your security risks? These questions and more are addressed to make certain the test is effective for the business.
