The VoiceCon show I am now attending here in San Francisco is heavily oriented toward enterprise (as opposed to consumer) VoIP. Natural, then, that what I'm finding might be of key interest to enterprise readers.
Vulnerability Analysis- which examines VoIP devices, infrastructure and applications, and then posting potential entry points for attack;
Risk Assessment- A color-coded reports on threats, with codes based on asset value and likelihood of exploit;
Penetration Testing- Launching simulated attacks in a controlled environment such as an isolated section of a network or even a lab setting.
Each phase generates a report, as well as what Sipera terms "remediation recommendations."