
Levels of Penetration Tests

Which level of test do you need?

IT Governance offers two different penetration test levels to choose from (see table below). 

The level of test will be decided according to your technical, business and budgetary requirements, and the scope will be established and agreed based on a detailed consultation with your organisation, allowing us to assess the potential vulnerabilities in your networks and systems.

Our CREST-approved penetration testing team recommends a level 1 test in most cases, allowing you to identify exploitable vulnerabilities before the criminal hackers do. 

Level 1 Penetration Test

Using a series of manual assessments combined with automated scans, our certified ethical hacker team is able to assess the true extent of the exploitable vulnerabilities in your networks, systems, websites, web applications and/or wireless networks. 

A level 1 penetration test provides you with an in-depth and easy-to-follow report detailing the recommendations for mitigating any issues identified by the assessment. It gives a sound overview of your security posture and is faster and more cost-effective to implement than a level 2 penetration test.

Level 2 Penetration Test

Level 2 penetration tests are extensive, detailed assessments that involve testing each of your identified vulnerabilities to establish security gaps in your hardware and software, systems or web applications and trying to exploit them. 

The in-depth nature of these tests means that they typically take several weeks to complete and are normally only recommended to clients that require a complex cyber attack simulation.

Vulnerability scans

Get a high-level overview of the potential vulnerabilities in your network with a vulnerability scan. 

Detail of test Vulnerability Scan ITG Penetration Test – L1 ITG Penetration Test – L2
Pre-assessment client scoping and consultation
Scope of assessment Agreed with client Agreed with client Agreed with client
Fixed-price package available --- Yes, limited scope ---
Can be conducted internally and externally
Identification of potential vulnerabilities
Identification of configuration vulnerabilities
Identification of potential security loopholes ---
Immediate notification of critical issues
Automated scanning
Manual scanning ---
Manual testing ---
Manual grading of vulnerabilities ---
Exploitation of potential vulnerabilities to establish the impact of an attack --- ---
Type of report generation Automated report Manually written Manually written
Executive summary in business terms ---
Technical report with remedial actions per identified issue ---
Where used
Facilitates compliance with the PCI DSS (dependent on compliance category) Not recommended
Facilitates compliance with ISO27001 Not recommended
When to conduct tests
On a regular basis
After changes have been made to the network/website
After a data breach Not recommended

Speak to an expert

For more information and guidance on penetration testing or the packages IT Governance offers, please contact our experts, who will be able to discuss your organisation's needs further.