Security Assessments and Penetration Testing
Security assessment refers to a systematic examination of an organization’s network, policies, and security controls. Security assessments are used to determine the adequacy of security measures, identify security deficiencies, and provide data from which to predict the effectiveness of potential security measures. A security assessment can follow different approaches and techniques.
Test Methods
Security assessments can be broken into several categories, including security audits, vulnerability assessments, and penetration testing:
Security Audit A security audit is an independent review and examination of an IT system used to determine the adequacy of the controls. A security audit also looks at the existing policy and how it maps to operational procedures.
Vulnerability Assessment A vulnerability assessment typically makes use of automated tools such as Nessus, Saint, and Retina. These tools can examine systems, applications, and...