Hi all,

I've been away from AO for a while, busy with some stuff going on lately. I have a question that fits best here, so I'm back.

Here's the situation. Recently, my organization is questioning the value of Penetration Testing. It turns out the people asking didn't really know what it was to begin with. I am in the process of explaining it to these folks now. However, the questions keeps coming up; "What is the value added?" "Why should we continue?" "Who should be doing it?"

So I have a few questions to the mighty AO:

Why do you pen test?
Why don't you pen test?
What is the value?
Who (what functions) should be doing the testing?

Also, for the n00bs, here is what a Pen Test is: http://en.wikipedia.org/wiki/Penetration_testing

Additionally for the member that will slam me for posting a reduntant topic, I am looking for some fresh info. Please, no links to other threads.

Any input would be great! TIA!