What is a pen test?
A pen test (short for penetration test) is a simulated, authorized attack on a network, system or application, carried out to measure how well its defences hold up against a real adversary. The tester usually works toward a specific objective (e.g., “compromise this piece of data…”) rather than cataloguing every flaw. That is the key difference from a vulnerability scan: a scan answers “what are my weaknesses?”, while a pen test answers “can this weakness actually be exploited, and how bad is the impact if it is?”
Many industries are subject to regulatory or contractual requirements that dictate how often penetration testing must be performed. One of the more broad-reaching of these, the PCI DSS (a payment-card industry standard rather than a government regulation), requires penetration testing at least annually and after any significant change to the in-scope environment. Treat that as a floor rather than a target. You should also conduct a pen test whenever you have:
added new network infrastructure or applications
made significant upgrades
made modifications to infrastructure or applications
established new office locations
applied a security patch (or patches)
modified end-user policies
In other words, whenever you make a significant change to your software, hardware or network, treat a pen test (and an update to the IT documentation that describes the environment) as a required part of that change rather than an optional follow-up. Retesting after a change also gives you the chance to confirm that findings from the previous engagement were actually remediated.