Chapter 62

Assessments and Audits

Lauren Collins, kCura Corporation

1 Assessing Vulnerabilities and Risk: Penetration Testing and Vulnerability Assessments

Penetration testing usually occurs in the compliance sphere, both in the semantics we use to describe technical points like “regulating deployments” and in the language technology vendors employ to describe those implementations. Compliance, however, is intolerant when it comes to accuracy in writing, and elusive inconsistencies in words can mean the difference between compliance and noncompliance. Erratic interpretations of conditions can lead to incongruous control selection, vague or unsuitable management responses, misrepresentation of controls to auditors, and many other problems. These ...

Get Computer and Information Security Handbook, 2nd Edition now with the O’Reilly learning platform.
