How Security cHangeD PoSt 2000 85
return on investment in the way of improved security controls (!), but
this is a topic for Chapter 7.
e earlier penetration tests were usually conducted by a team of
up to six security analysts (but usually the number was four), and the
time frame could be up to three weeks (but it was usually one or two
weeks). I do not think Asia–Pacic is a good reference for global prices
in this area, but I remember that back in 2000 at TSAP, a 40 man-day
(four analysts for 10 business days) penetration test would have set
clients back roughly US$35,000–40,000.
e type of manual penetration test that I discussed in the previous
paragraph would give clients a feel for their perimeter security. Unless
there were a hu