14 ASSESSING SECURITY

Once you’ve put your security measures in place, you need to make sure they’re actually protecting your assets. As discussed in Chapter 6, complying with laws and regulations doesn’t actually mean you’re secure. Since that’s the case, how can you assess the true level of your security? You have two primary vehicles for doing so: vulnerability assessment and penetration testing. In this chapter, I’ll discuss these two methods.

Vulnerability Assessment

A vulnerability assessment is a process that uses a specially designed tool to scan for vulnerabilities. Two common vulnerability assessment tools are Qualys and Nessus. To create ...
