What is a vulnerability assessment?
Vulnerability (or "vuln") testing is an effort to measure the effectiveness of network security controls from a technical standpoint. An engineer (i.e. white-hat hacker) performs a series of scans to identify potential weaknesses that, left unchecked, could allow an attacker to compromise the system and/or data integrity.
What is a penetration test?
A penetration (or "pen") test is performed by an engineer (i.e. white-hat hacker) as a more intense version of the standard vulnerability assessment. The goal is to validate weaknesses using manual methods to emulate a malicious attempt to compromise a system and/or data integrity.
What are the different types of penetration tests?
There are four main types of penetration (or "pen") tests.
- External: By far the most common type of penetration testing. An engineer (i.e. white-hat hacker) attempts to remotely exploit vulnerabilities to gain unauthorized access to the victim's network.
- Internal: An engineer attempts to gain access and to escalate privileges to administrator level within the internal network. This test is performed on location and requires only a simple Ethernet port to run exploits and identify weaknesses that could provide a point of entry.
- Wireless: An engineer performs an internal penetration test using an existing Wi-Fi connection instead of an Ethernet port.
- Web Application: Engineers utilize tools and testing methods to determine if a web application is susceptible to known vulnerabilities. This test can be performed from both unauthenticated and authenticated perspectives.
What is the HIPAA Final Security Rule?
The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information (called “protected health information”) by organizations subject to the Privacy Rule (called “covered entities”), as well as standards for individuals' privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.
What does PHI stand for?
Definition of PII
What does ePHI stand for?
Definition of PII
What is a white-hat hacker?
A white-hat hacker is an individual who operates within the law and typically engages in hacking activities to expose potential vulnerabilities...
What is Texas HB300?
Information on Texas HB300
How do I become HIPAA compliant?
Information on the steps it takes to become HIPAA compliant
What kinds of organizations fall under HIPAA?
Types of organizations that fall under HIPAA