Penetration Testing mailing list archives

IT Audit vs Pen-Test

From: cribbar <crib.bar () hotmail co uk>
Date: Fri, 25 Mar 2011 06:26:26 -0700 (PDT)


Hi All, 

Excuse my ignorance, but what is the difference between an IT Audit and a
Pen-test? Say if the scope of the review was to look at public facing
infrastructure, what would an IT Audit look for that a Pen-Test would not,
and vice versa? Theres another concept I keep hearing about that is an "IT
Healthcheck", how does that differ from the IT Audit or Pen-Test, which does
it more closely resemble, as IT Audit or a Healthcheck? What are the
benefits/limitations of each of these 3? 

With Regards
-- 
View this message in context: http://old.nabble.com/IT-Audit-vs-Pen-Test-tp31237881p31237881.html
Sent from the Penetration Testing mailing list archive at Nabble.com.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------

Current thread:

IT Audit vs Pen-Test cribbar (Mar 25)
- Re: IT Audit vs Pen-Test Jovon Itwaru (Mar 26)
- Re: IT Audit vs Pen-Test JiPi DiNi (Mar 26)
- <Possible follow-ups>
- Re: IT Audit vs Pen-Test vito . nozza (Mar 26)