Frequently Asked Questions

Some commonly asked questions...

What is the difference between a vulnerability scan and a penetration test?

A vulnerability scan (or, more broadly, a vulnerability assessment) looks for known vulnerabilities in your systems and reports potential exposures. A penetration test is designed to actually exploit weaknesses in the architecture of your systems. Where a vulnerability scan can be automated, a penetration test requires various levels of expertise across your scope of systems. In short, a technician runs a vulnerability scan, while a hacker (in our case, an ethical hacker) performs a penetration test. It could be better described as “looking for ways to exploit the normal course of business.”

I need a PCI scan. Are you an approved scanning vendor?

We can run and manage your PCI scans, although we are not an approved scanning vendor (ASV). We do have consulting licenses for approved scanning products and in most cases can save you time and money by conducting the scans for you. Additionally, you will have our expert eyes on your results, and we can help with remediation if necessary.

What is the difference between ISO 27001 and ISO 27002?

The most rudimentary difference is that the ISO 27001 standard has an organizational focus, in that it details a set of requirements against which an organization’s Information Security Management System can be audited. ISO 27002, on the other hand, is more focused on the individual and provides a code of practice and a body of knowledge for use by individuals within an organization.

The ISO 27001 International Standard is about requirements related to security techniques for information technology and information security management systems. It is an internationally recognized standard codifying the audit requirements for an Information Security Management System, or ISMS.

ISO 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad (confidentiality, integrity and availability).