What do you see as the difference between assessment and audits?
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Security audits, assessments and penetration tests make up the three primary types of examinations that an organization can undertake and each has a slightly different focus and scope. In my opinion, security audits are usually driven by regulatory compliance, HIPAA, GLB, etc. A security audit uses a list of criteria to measure overall security. A vulnerability assessment is usually based on a policy on non-attribution and can be a more involved study of the entire information systems security stance. The
is an example of an assessment methodology. Pen testing is the third category of security examination. It is usually a covert activity that looks specifically to see what attackers can see and access on the organizations systems. It can involve a number of attacks to ascertain whether or not a system could withstand an attack from an attacker.