Q

Difference between audits, assessments and pen tests

Gregg distinguishes the differences between audits and assessments.

What do you see as the difference between assessment and audits?

Platform: Windows

Security audits, assessments and penetration tests make up the three primary types of examinations that an organization can undertake and each has a slightly different focus and scope. In my opinion, security audits are usually driven by regulatory compliance, HIPAA, GLB, etc. A security audit uses a list of criteria to measure overall security. A vulnerability assessment is usually based on a policy on non-attribution and can be a more involved study of the entire information systems security stance. The NSA IAM is an example of an assessment methodology. Pen testing is the third category of security examination. It is usually a covert activity that looks specifically to see what attackers can see and access on the organizations systems. It can involve a number of attacks to ascertain whether or not a system could withstand an attack from an attacker.
This was first published in August 2006

Dig deeper on Network Security Monitoring and Analysis

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close