Information Security Questions and Answers

What is Cyber Security, and how is it different than Information Security?

The terms are often used interchangeably.   However, Information Security covers security over all aspects of systems, applications, and data, whereas Cyber Security focuses more on Internet based security risks.  


What's the difference between a Cyber Security Assessment and a Penetration Test / Ethical Hack?

A Cyber Security Assessment is a broad assessment that documents the business processes and technologies used in those processes.  In addition, it identifies the cyber risks that the organization is vulnerable to, and determines whether adequate security controls and practices are in place.  A Penetration Test or Ethical Hack involves Ethical Hackers utilizing hacker tools and methodologies to identify technical system and application weakness, and exploit the weaknesses to gain access over systems, applications and data.  These are two very different and useful exercises, when the Cyber Security Assessment is performed first, and recommendations from the assessment are put in place to be tested for effectiveness by the Ethical Hackers in a Penetration Test. 

Are Vulnerability Assessments and Penetration Tests the Same Thing?

No.  A Vulnerability Assessment is the process of an IT Security professional running scanning tools to determine if you systems and/or applications are vulnerable to attack due to missing patches, default user accounts, default passwords, mis-configurations, etc.  A Penetration Test is a comprehensive exercise where Ethical Hackers utilize hacker tools and hacker methods to identify as many security weaknesses in your computer environment in the time allotted by the testing time-frame.

Is Using Cloud Computing Secure?

Like most things, it depends.  The large Cloud providers, ie. AWS, Microsoft, RackSpace, IBM, etc. utilize state of the art security.  Where the Cloud can be insecure is on the client side.  Depending on the Cloud service you are paying for, you may be responsible for some of the security tasks.  In addition, if you are connecting to your Cloud environment and your office network or your PC are not properly secured, then you could be compromising your Cloud.  Many of the Cloud providers make a Client Security Checklist available for your use to assist you in having a secure Cloud environment.