Security assessments can take many different forms and it is important for the organisation to understand them, the differences between them and what they will deliver in terms of value to supporting the Cyber Security strategy.
Firstly, lets clear up an often misunderstood point. Vulnerability scanning and penetration testing aren’t the same thing. Vulnerability scanning is an automated process, a click button action which will automatically scan IP addresses for vulnerabilities using a database list of known issues. Whereas Penetration Testing is more manual in its nature, often supported by a scan, but it allows for flexibility and the skills of the ‘ethical hacker’ to be used in determining how to break in, much as a real life burglar will assess your home before choosing which window offers the easiest way in.