Ask the Expert

Difference between audits, assessments and pen tests

What do you see as the difference between assessment and audits?

Platform: Windows

Security audits, assessments and penetration tests make up the three primary types of examinations that an organization can undertake, and each has a slightly different focus and scope. In my opinion, security audits are usually driven by regulatory compliance (HIPAA, GLB, etc.). A security audit uses a list of criteria to measure overall security. A vulnerability assessment is usually based on a policy of non-attribution and can be a more involved study of the entire information systems security stance. The NSA IAM is an example of an assessment methodology. Pen testing is the third category of security examination. It is usually a covert activity that looks specifically to see what attackers can see and access on the organization's systems. It can involve a number of attacks to ascertain whether or not a system could withstand an attack from an attacker.

This was first published in August 2006