Author: Ethical hacking: The next level or the game is not over, ISACA journal, published in volume 4/2014

Information security vendors have recognized the need to optimize the process of managing ethical hacking projects with the goal to reduce their costs. They start offering ethical hacking services in the form of Security as a Service (SecaaS) solutions. The ability to acquire ethical hacking security assessment for information systems with medium or even low business impact would allow organizations to build more complete and accurate risk treatment plan and optimize resources for information security management.

http://www.isacajournal-digital.org/isacajournal/2014_volume_4?pg=16#pg16