Security assessments require the use of an assortment of approaches in order to obtain an in-depth and accurate representation of a system’s assurance level. Unfortunately, there is no all-purpose tool for performing thorough information assurance analysis. 00Islands IV&V Program understands this and employs a variety of methodologies. One of the most effective methods to discover weaknesses in an environment is to perform penetration tests. “Pen-testing” involves utilizing various approaches to attempt to break into a system, emulating the behavior of a hacker. It is through this methodology that vulnerabilities can be revealed before being discovered by an attacker; thereby preventing a potentially catastrophic incident. The benefits of pen-testing make it ideal to assist in the process of risk remediation. The procedure affords stakeholders with a holistic representation of the risk picture of their system versus an enumerated list of individual vulnerabilities. An example of the results: stakeholders are made aware of the combined risk of two lower-risk vulnerabilities being exploited in a particular order. Additionally, the true consequences of an exploitation of specific weaknesses can be experienced, thereby providing stakeholders with a more accurate representation of vulnerabilities’ severity levels. 00Islands IV&V Program utilizes a variety of practices to perform pen-tests against systems.