Technical FAQ


What is a vulnerability assessment?

Vulnerability (or "vuln") testing is an effort to measure the effectiveness of network security controls from a technical standpoint. An engineer (i.e. white-hat hacker) performs a series of scans to identify potential weaknesses that, left unchecked, could allow an attacker to compromise the system and/or data integrity.

What is a penetration test?

A penetration (or "pen") test is performed by an engineer (i.e. white-hat hacker) as a more intense version of the standard vulnerability assessment. The goal is to validate weaknesses using manual methods to emulate a malicious attempt to compromise a system and/or data integrity.

What are the different types of penetration tests?

There are four main types of penetration (or "pen") tests.

  • External: By far the most common type of penetration test. An engineer (i.e. white-hat hacker) attempts to remotely exploit vulnerabilities to gain unauthorized access to the victim's network.
  • Internal: An engineer attempts to gain access and to escalate privileges to administrator level within the internal network. This test is performed on location and requires only a simple Ethernet port to run exploits and identify weaknesses that could provide a point of entry.
  • Wireless: An engineer performs an internal penetration test using an existing Wi-Fi connection instead of an Ethernet port.
  • Web Application: Engineers utilize tools and testing methods to determine if a web application is susceptible to known vulnerabilities. This test can be performed from both unauthenticated and authenticated perspectives.
