Re: IT Audit vs Pen-Test

[Jovon Itwaru <jovon.itwaru () gmail com>]

Usually an audit results in a pass or fail.

The assessment is based upon standards or other measurements such as NIST, OWASP, OCTAVE, etc..

Many times, the assessment gets the network, application, or system(s) ready for an audit.


Thanks,

Jovon 

On Mar 25, 2011, at 9:26 AM, cribbar wrote:

> Hi All, 
>
> Excuse my ignorance, but what is the difference between an IT Audit and a
> Pen-test? Say if the scope of the review was to look at public facing
> infrastructure, what would an IT Audit look for that a Pen-Test would not,
> and vice versa? Theres another concept I keep hearing about that is an "IT
> Healthcheck", how does that differ from the IT Audit or Pen-Test, which does
> it more closely resemble, as IT Audit or a Healthcheck? What are the
> benefits/limitations of each of these 3? 
>
> With Regards
> -- 
> View this message in context: http://old.nabble.com/IT-Audit-vs-Pen-Test-tp31237881p31237881.html
> Sent from the Penetration Testing mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified. 
>
> http://www.iacertification.org
> ------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------