On January 22, 2021, NetSPI Managing Director Nabil Hannan was featured in TechTarget:
When you hear the term “pen testing,” what do you envision? A web app test done with a dynamic scanning tool? A test done by a human being who’s digging deep to replicate what an attacker would do in the real world?
What about the term “network pen testing?” An automated discovery of your network infrastructure resulting in a pages-long report on what assets you have? A real-life person examining how your network is architected in order to flesh out vulnerabilities?
Depending on who you ask, each of the responses above could be right. And therein lies the conundrum. There’s no standardized lexicon in the cybersecurity world and it’s causing confusion among independent and organizational security professionals alike.
For organizations, the challenge is using the right terminology so they can seek out and price comparable services to meet their security needs, as well as understand exactly what they’re consuming from the security professionals they engage. For cybersecurity professionals, the hurdle lies in understanding just what an organization needs and expects to accomplish its security goals. And, if your industry is compliance-focused, regulatory drivers will also determine what type of assessments your company must perform, making it critical that you get your terminology right.
Read the full article here: https://searchsecurity.techtarget.com/post/Standardize-cybersecurity-terms-to-get-everyone-correct-service