Scoping and rules of engagement
Information security compliance regulations and guidelines (FDIC, FFIEC, GLBA, HIPAA, HITECH, NCUA, OCC, PCI DSS, etc.) require an organization to conduct independent testing of their information security program to identify vulnerabilities that could result in unauthorized disclosure, misuse, alteration, or destruction of confidential information, including Non-Public Personal Information (NPPI).
TraceSecurity offers internal and external penetration tests as separate services. These tests mimic the action of an actual attacker exploiting weaknesses in network security without the usual dangers. The internal penetration test examines internal IT systems for any weakness that could be used to disrupt the confidentiality, availability, or integrity of the network. The external penetration test examines external IT systems in the same manner.