Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis and are required by standards such as PCI, HIPAA and ISO 27001.

The Five Stages of Vulnerability Management

A key to having a good information security program within your organization is having a good vulnerability management program. Most, if not all, regulatory policies and information security frameworks advise having a strong vulnerability management program as one of the first things an organization should do when building their information security program. The Center for Internet Security specifically lists it as number three in the Top 20 CIS Controls.