We all know that performing pen tests helps identify holes in yur network, but, as stated in the following article from eWeek, you need a little more than just someone who can break into your systems. Even the big 4 audit firms are adding services. Not to be outdone, the likes of Symantec, McAfee, ISS and VeriSign are joining the fray. It comes as a cost though, and companies may find just as much talent in smaller firms as they do the larger ones but at a lower cost. Either way you go, this field is evolving quickly.

---

"During Ziff Davis Internet's Security Virtual Tradeshow, panelists offered advice on how companies can assess which type of professional firms are right for them, what type of protections to put in place, and why it's important to set long-term security goals.

Lenny Mansell, senior manager of security consulting at Eclipsecurity, noted that when some enterprises are ready to do security assessments, they consider hiring hackers to defeat the company's firewalls and other protective measures, but such a tactic may not be reliable.

"What you want is a security professional to conduct regimented testing," said Mansell. "Don't just look for people who can break into your computers."

For full story,
http://www.eweek.com/article2/0,1895,1872236,00.asp

Don