An organization who wishes to have a certain measure of security will request a one-time testing engagement and may or may not have that repeated on an annual basis. An organization who desires to add an extra level of protection for its data will request an annual testing engagement, followed by a continual quarterly service.
One-time intense testing has advantages and disadvantages. The advantage is that the security tester will be completely focused on your site during the testing. The disadvantage is some real-world attacks require many weeks or months to fully perform, so they will not be completed by the end of a one-time engagement.
The continual quarterly service has several advantages:
- Longer attacks can be carried out, which normally would not have time to complete during a one-time testing engagement.
- Your network will be evaluated on a continual basis, with most aspects of testing being performed four times within the year.
- The latest attacks and n-days will be tested against your organization much more quickly, soon after being made public.
- Annual testing: 5% discount
- Semi-annual testing: 10% discount
- Quarterly testing: 15% discount
Note: Discount requires an initial full-scope engagement