Pen-testing may be conducted to complement background investigations and ensure social engineering and networking safety.

Pen-testing is implemented by simulating malicious attacks from an organization's internal and external users. The entire system is then analyzed for potential vulnerabilities. A plan that communicates test objectives, timetables and resources is developed prior to actual pen-testing.

Pen-testing is an invaluable process for a number of reasons, including the following:

• Minimal security breach potential ensures system reliability.
• Complies with regulatory or other agencies.
• Demonstrates a good-faith effort to protect customer information

Pen-testing tools include:

• Commercial off-the-shelf (COTS) or prebuilt equipment and/or software applications
• Proprietary enterprise applications (EA)
• Potentially compromisable phone and wireless systems
• Physical controls
• Websites