Difference between Ethical hacking & Security Auditing

Because most people confuse security testing, seen from the ethical hacking approach, with security auditing, I will try to explain the difference. The main differences are the objectives.

Security auditing involves comparing a business's security policies to what's actually happening. The intent of security auditing is simply to validate that security controls exist, and auditing often involves reviewing the business processes, which in many cases aren't very technical. You can think of security audits as security checklists.

Ethical hacking, by contrast, focuses on system or software vulnerabilities that can be exploited by hackers to take over the computer or network. This type of approach validates that security controls do not exist or don't work. Ethical hacking can be either technical or nontechnical. Working as an ethical hacker, you need to have a well-documented security testing policy that covers who is doing the tests, the procedures, which software will be used, and when (what time of day and date) the tests will take place, so they do not interfere with business hours.

If you are living in the U.S.A. and decide to work as a pentester, you need to consider state, federal and international laws. In particular, the Digital Millennium Copyright Act (DMCA) can get you into deep trouble.

In the United States, there are HIPAA, the HITECH Act, GLBA and the NERC CIP requirements, not to mention PCI DSS, all of which demand strong security controls and consistent security evaluations.

International laws such as the European Union's Data Protection Directive, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) or Japan's Personal Information Protection Act (JPIPA) are no different.

Make sure you get approval before you start any pentesting, and get written consent from the manager of the company. If you're testing for a client, make sure to have a lawyer draw up a contract stating the client's support and authorization, and get it signed.

Make sure you have insurance, just in case something goes awry and they decide to fire you, sue you, or charge you with criminal activity.
