The question most commonly asked by any organization is
Agreed that a penetration test would involve a lot of risks like bringing a production system down, etc., but a properly planned penetration test would definitely add value in an organizations security framework. It should be understood that a penetration test with proper systematic approach, if included as an ongoing process in an organizations risk assessment plan, will lead to a better understanding of the current security posture of the organization and will help the organization in mitigating the risks at the proper time.

The link for this article located at Info Sec Writers is no longer available.