Today on The SecurityOrb Show, we spoke about the differences between security vulnerability assessments, pen-testing and security audits, and the skill set needed to perform them. We also discussed a little bit about continuous and automated security, as well as Windows 8's first security update, 2 weeks after its official release.
A vulnerability assessment is a practice used to identify all potential vulnerabilities that could be exploited in an environment. The assessment can be used to evaluate physical security, personnel (testing through social engineering and such), or system and network security.
While a vulnerability assessment’s goal is to identify all vulnerabilities in an environment, a penetration test has the goal of “breaking into the network.” The Pen-Tester only needs to exploit one or two vulnerabilities to actually penetrate the environment.
A security audit is basically someone going around with a checklist of criteria, things that should be done or in place, to ensure that the company is in compliance with its security policy, regulations and legal responsibilities.