Getting the best value out of security assessments
Vulnerability scan, penetration test, red team assessment, what exactly are those, what do you need in your organization, and when do you need them
Every industry has its fair share of things that are often mystery to the rest of the world.; although some terms are globally known, there is a confusion in differentiating what they mean. Some of those terms are vulnerability scans, penetration tests, and red team assessments – in complex IT environments it is a little bit hard to exactly say who should do what, but our CTO, Bojan Ždrnja, wrote a SANS ISC diary just about that topic.
If you're interested in finding out how security assessments are ranked, and what is the correct order of doing them, you can read about it here