Audit equals collecting evidence while performing the evaluations of
some controls (i.e. PCI-DSS).
Pentest equals breaking into your systems to assess the attack vectors
and their feasibility (i.e. breaking into your web servers).
http://en.wikipedia.org/wiki/Information_technology_audit
http://en.wikipedia.org/wiki/Penetration_test
Thanks,
JiPi DiNi
On Fri, Mar 25, 2011 at 9:26 AM, cribbar <crib.bar (at) hotmail.co (dot) uk [email concealed]> wrote:
>
> Hi All,
>
> Excuse my ignorance, but what is the difference between an IT Audit and a
> Pen-test? Say if the scope of the review was to look at public facing
> infrastructure, what would an IT Audit look for that a Pen-Test would not,
> and vice versa? There's another concept I keep hearing about that is an "IT
> Healthcheck", how does that differ from the IT Audit or Pen-Test, which does
> it more closely resemble, an IT Audit or a Healthcheck? What are the
> benefits/limitations of each of these 3?
>
> With Regards
> --
> View this message in context: http://old.nabble.com/IT-Audit-vs-Pen-Test-tp31237881p31237881.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------