“37.0 percent of companies in Germany do not regularly train their employees on topics such as spam or phishing. (…) Only every third company (35.5 percent) has a patch management policy. Yet security gaps in...
In discussions with customers and interested parties, we are repeatedly confronted with the statement that security investigations (penetration tests and vulnerability scans) are not necessary in cloud scenarios because the cloud provider (e.g. Amazon Web...
What is actually the difference between a Vulnerability Scan and a Penetration Test? There seem to be interesting misconceptions about this, as we would like to show with the following practical example.
If we closely review the ISO 27001:2013 standard or the draft of the new 27001:2022, we see that the terms penetration testing and vulnerability scanning are not explicitly mentioned either as requirements or as a...
Thomas Neeff
