APPENDIX 3: REGULATIONS AND LEGISLATION

The pen tester may be required to provide the client organization with proof of compliance with certain legislation, regulations, best practices, or industry standards as part of the pen testing effort. These regulations vary widely from one jurisdiction to another – from country to country and, often, from state to state.

Many regulations are industry-specific – such as legislation concerning health care – and only apply to that industry sector or vertical. Other legislation applies across all industries in a region or country and is, therefore, horizontal in nature.

A multinational organization may find it nearly impossible to be compliant with the regulations in all the countries it operates in. ...
