Technical overview of the different types of penetration test and how these can be used within wider information security assurance activities. It also provides guidance on how organisations should plan for, procure and manage such tests

http://www.niscc.gov.uk/niscc/docs/re-20060508-00338.pdf?lang=en

Urs