Penetration Testing mailing list archives
Re: IT Audit vs Pen-Test
From: JiPi DiNi <jipidini () gmail com>
Date: Fri, 25 Mar 2011 13:12:04 -0400
Audit equals collecting evidences while performing the evaluations of some controls (ie PCI-DSS) Pentest equals breaking into your systems to assess the attack vectors and their feasability. (ie. breaking into your web servers.) http://en.wikipedia.org/wiki/Information_technology_audit http://en.wikipedia.org/wiki/Penetration_test Thanks, JiPi DiNi On Fri, Mar 25, 2011 at 9:26 AM, cribbar <crib.bar () hotmail co uk> wrote:
Hi All, Excuse my ignorance, but what is the difference between an IT Audit and a Pen-test? Say if the scope of the review was to look at public facing infrastructure, what would an IT Audit look for that a Pen-Test would not, and vice versa? Theres another concept I keep hearing about that is an "IT Healthcheck", how does that differ from the IT Audit or Pen-Test, which does it more closely resemble, as IT Audit or a Healthcheck? What are the benefits/limitations of each of these 3? With Regards -- View this message in context: http://old.nabble.com/IT-Audit-vs-Pen-Test-tp31237881p31237881.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- IT Audit vs Pen-Test cribbar (Mar 25)
- Re: IT Audit vs Pen-Test Jovon Itwaru (Mar 26)
- Re: IT Audit vs Pen-Test JiPi DiNi (Mar 26)
- <Possible follow-ups>
- Re: IT Audit vs Pen-Test vito . nozza (Mar 26)