What do you see as the difference between assessment and audits?
Security audits, assessments and penetration tests make up the three primary types of examinations that an organization can undertake and each has a slightly different focus and scope. In my opinion, security audits are usually driven by regulatory compliance, HIPAA, GLB, etc. A security audit uses a list of criteria to measure overall security. A vulnerability assessment is usually based on a policy on non-attribution and can be a more involved study of the entire information systems security stance. The
is an example of an assessment methodology. Pen testing is the third category of security examination. It is usually a covert activity that looks specifically to see what attackers can see and access on the organizations systems. It can involve a number of attacks to ascertain whether or not a system could withstand an attack from an attacker.
Dig deeper on Network Security Monitoring and Analysis
Enterprise security expert, Michael Gregg answers a question regarding port 3389 issues when a user tries to open port 3389 RDP on their router to ...continue reading
Expert Michael Gregg answers a reader question about Snort and the interfaces it uses.continue reading
Security expert Michael Gregg discusses the disadvantages to a layered approach to enterprise security.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.