Security Audit:
An information security audit occurs when a technology team conducts an organizational review to ensure that the correct and most up-to-date processes and infrastructure are being applied. An audit also includes a series of tests that confirm that information security meets all expectations and requirements within the organization. During this process, employees are interviewed about their security roles and other relevant details.
Every organization should perform routine security audits to ensure that data and assets are protected. First, the audit's scope should be decided; it should include all company assets related to information security, including computer equipment, phones, the network, email, data and any access-related items such as cards, tokens and passwords.
Next, the auditing team should estimate the damage that could occur if a threat materializes. There should be an established plan and controls for maintaining business operations after a threat has occurred, which is called an intrusion prevention system.
Penetration Testing | Ethical Hacking
--- | ---
A narrow term which focuses on performing a cyber security assessment of IT systems | A comprehensive term in which penetration testing is only one feature
A tester needs good knowledge and skills only in the specific area in which he conducts the pen test | An ethical hacker needs to possess comprehensive knowledge of various programming and hardware techniques
Anyone who is familiar with penetration testing can perform pen tests | An obligatory certification in ethical hacking is usually required
Access is required only to those systems on which the pen testing will be conducted | Access is required to a wide range of computer systems throughout an IT infrastructure
Non-disclosure agreement (NDA):
A non-disclosure agreement (NDA), also known as a confidentiality agreement, is a legally binding contract in which one party agrees to give a second party confidential information about its business or products, and the second party agrees not to share this information with anyone else for a specified period of time. NDAs are used to protect sensitive information and intellectual property (IP) by outlining in detail what information must remain private and what information can be shared or released to the public.
NDAs are typically signed at the beginning of a business relationship. The information covered by an NDA can be unlimited, ranging from test results to system specifications to customer lists and sales figures. If the NDA is broken and information is leaked, it is considered a breach of contract.
Key elements of an NDA include:
· Identification of the participants
· Definition of what is considered to be confidential
· Duration of the confidentiality commitment
· Exclusions from confidential protection
NDAs are commonly used at technology companies when
products are jointly developed. In such a case, the NDA is often mutual or
two-way. An NDA can also be useful when a company seeks venture capital from
potential backers. In this scenario, the NDA ensures that investors can access
the information they need to make a financial decision, but not exploit it.
In addition to an NDA, potential investors may be asked
to sign a non-compete agreement (NCA) which prevents the investor from
using information acquired during negotiation to gain a competitive advantage.
Such considerations are especially important when patents have been applied for
but have not yet been issued.
Black box vs white box testing:
Black Box Testing | White Box Testing
--- | ---
Black box testing is the software testing method used to test software without knowing the internal structure of the code or program | White box testing is the software testing method in which the internal structure is known to the tester who tests the software
This type of testing is carried out by testers | Generally, this type of testing is carried out by software developers
Implementation knowledge is not required to carry out black box testing | Implementation knowledge is required to carry out white box testing
Programming knowledge is not required to carry out black box testing | Programming knowledge is required to carry out white box testing
Applicable at higher levels of testing, such as system testing and acceptance testing | Applicable at lower levels of testing, such as unit testing and integration testing
Black box testing means functional or external testing | White box testing means structural or interior testing
Black box testing concentrates primarily on the functionality of the system under test | White box testing concentrates primarily on testing the program code of the system under test: code structure, branches, conditions, loops, etc.
The main aim of this testing is to check what functionality is performed by the system under test | The main aim of white box testing is to check how the system is performing
Black box testing can be started based on requirement specification documents | White box testing can be started based on detailed design documents
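The distinction in the table, as an added example that is not code from the original post: the same constructed login-check function is tested first as a black box (cases derived only from an assumed requirements spec) and then as a white box (tracing which lines of the code those cases actually execute). The function, its spec and the sample inputs are assumptions made for this example.

```python
import dis
import sys

# Constructed function under test (not from the original post). Assumed requirements
# spec: "locked" once 3 failures are recorded, "allowed" on a correct password,
# otherwise "denied". The "denied-final" branch is an internal detail absent from the spec.
def check_login(password: str, expected: str, failures: int) -> str:
    if failures >= 3:
        return "locked"
    if password == expected:
        return "allowed"
    if failures == 2:            # last attempt before lockout: visible only in the code
        return "denied-final"
    return "denied"

# Black-box cases: derived from the spec alone, one per documented outcome.
BLACK_BOX_CASES = [("s3cret", "s3cret", 0), ("s3cret", "s3cret", 3), ("wrong", "s3cret", 0)]
# White-box case added after reading the code: exercises the hidden branch.
WHITE_BOX_CASES = BLACK_BOX_CASES + [("wrong", "s3cret", 2)]

def black_box_tests() -> dict:
    """Functional checks against expected outputs; all pass without seeing the code."""
    return {
        "allowed": check_login(*BLACK_BOX_CASES[0]) == "allowed",
        "locked": check_login(*BLACK_BOX_CASES[1]) == "locked",
        "denied": check_login(*BLACK_BOX_CASES[2]) == "denied",
    }

def lines_executed(func, cases) -> set:
    """Structural view: record which source lines of func the given cases execute."""
    hit, code = set(), func.__code__
    def tracer(frame, event, arg):
        if frame.f_code is code and event == "line":
            hit.add(frame.f_lineno)
        return tracer
    sys.settrace(tracer)
    try:
        for args in cases:
            func(*args)
    finally:
        sys.settrace(None)
    return hit

def uncovered_lines(func, cases) -> set:
    """Body lines of func never reached by cases (empty set means full line coverage)."""
    body = {ln for _, ln in dis.findlinestarts(func.__code__) if ln is not None}
    body.discard(func.__code__.co_firstlineno)   # drop the 'def' line itself
    return body - lines_executed(func, cases)
```

The black-box suite passes in full yet leaves one line of the function unexecuted; only the white-box case, written from the code, reaches it.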