Frequently Asked Questions
Some commonly asked questions...
What is the difference between a vulnerability scan and a penetration test?
A vulnerability scan (or even a vulnerability assessment) looks for known vulnerabilities in your systems and reports potential exposures. A penetration test is designed to actually exploit weaknesses in the architecture of your systems. Where a vulnerability scan can be automated, a penetration test requires various levels of expertise across the systems in scope. In short, a technician runs a vulnerability scan, while a hacker (in our case, an ethical hacker) performs a penetration test. It could be better described as “looking for ways to exploit the normal course of business.”
I need a PCI scan. Are you an approved scanning vendor?
We can run and manage your PCI scans, although we are not an approved scanning vendor (ASV). We do have consulting licenses for approved scanning products and in most cases can save you time and money by conducting the scans for you. Additionally, you will have our expert eyes on your results, and we can help with remediation if necessary.
What is the difference between ISO 27001 and ISO 27002?
The most rudimentary difference is that the ISO 27001 standard has an organizational focus in that it details a set of requirements against which an organization’s Information Security Management System can be audited. ISO 27002 on the other hand is more focused on the individual and provides a code of practice and a body of knowledge for use by individuals within an organization.
The ISO 27001 International Standard specifies requirements for information security management systems, covering information technology security techniques. It is an internationally recognized standard codifying the audit requirements for an Information Security Management System, or ISMS.
ISO 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad (confidentiality, integrity and availability).