It’s not uncommon for the terms ‘Risk Assessment’ and ‘Penetration Test’ to be used interchangeably. The truth is, the two are very different.
A risk assessment typically involves:
- Identifying areas of vulnerability or potential weakness
- Providing a roadmap to a stronger security posture
Penetration tests take that one step further:
- Actively exploiting those vulnerabilities
- Determining the true ramifications of a breach to your network
- A real person thinking like…well, a real person.
Know what you’re buying! You would not believe the number of times we have seen a vulnerability scan or a risk assessment sold as if they were penetration tests. Both of these services are necessary to maintain a secure network, but the key is to know up-front what you want to achieve and to ask your security vendor the right questions.
Your organization’s size, industry, and current security posture are all factors that play a big role in determining what service is right for you. Be sure to find a security provider that you can trust to lead you down the correct path.
Check out our basic flowchart, which you can use to determine which service is best for you and your organization.
If you fell into the ‘ask the experts’ category, need more information, or want to talk to us about getting the ball rolling with one of our services, don’t hesitate to contact us.