How to Choose an Appropriate Pen Test Vendor

Imagine that you need to hire a third-party penetration test vendor to validate existing security controls as part of HIPAA and PCI compliance regulations.

There are a number of important factors to consider in selecting a penetration testing vendor, as outlined in the article “Penetration Testing: The Third Party Hacker” (https://www.sans.org/reading-room/whitepapers/testing/penetration-testing-third-party-hacker-264) by InfoSec Reading Room from SANS Institute.

Prepare a short paper (two pages in length, double-spaced) to address the following questions:

1. Examine the pros and cons of hiring a third-party vendor to conduct penetration testing.

2. Identify and elaborate on at least three factors that are important to consider when selecting a penetration test vendor.

3. Provide a rationale to justify each factor you have identified in light of the materials covered in this module.