Chapter 62

Assessments and Audits

Lauren Collins, kCura Corporation

1 Assessing Vulnerabilities and Risk: Penetration Testing and Vulnerability Assessments

Penetration testing usually occurs in the compliance sphere, both in the semantics we use to describe technical points like “regulating deployments” and in the language technology vendors employ to describe those implementations. Compliance, however, is intolerant when it comes to accuracy in writing, and elusive inconsistencies in words can mean the difference between compliance and noncompliance. Erratic interpretations of conditions can lead to incongruous control selection, vague or unsuitable management responses, misrepresentation of controls to auditors, and many other problems. These ...

Get Computer and Information Security Handbook, 2nd Edition now with O’Reilly online learning.
