“Those who do not plan security are the one programming failure”
Vulnerability Assessment, Penetration Test & Security Audit
The introduction of GDPR has made the term “Vulnerability Assessment” or “Penetration Test” more popular. The two are often suggested by IT experts as almost identical services, two names that essentially mean the same thing.
It’s not that.
The difference between the two operations is considerable, both in terms of modalities and implementation.
In a nutshell, the first (VA) aims to verify the potential vulnerabilities of systems and apps through scanning mechanisms almost completely automated and security analysis tools, whereas the second (PT) aims to simulate a real attack with targeting goals, also setting up a Red Team (attack) and a Blu Team (defense), if appropriate, in order to test the safety and resilience of the organization’ security system employing highly specialized staff.
These techniques can have an operational nature more than and IT nature, for example in the context of social engineering.
These activities become the essential starting element to amend the organization’ security critical issues, whether to comply with the GDPR requirement or to achieve a certification (e.g. 27001).
Orlandi&Partners Studio Legale cooperates together with external experts to guide its Clients in the process of security compliance and to identify the security system vulnerabilities.
The term digital forensics refers to all the activities designed to recover and analyse the content of digital and electronic devices, for a subsequent use in a forensic scenario (e.g. obtaining evidence, expert survey, etc.).
They are advanced techniques allowing in certain cases to strengthen a probative framework in the light of a litigation or to rebuild, recreate and retrace a criminal event dynamics (e.g. among the others, unlawful access, ownership impairing, data theft, etc.)
Orlandi&Partners Studio Legale provides those services to its Clients through the partnership with certified and highly competent companies, connecting their experience with the skills of the Firm developed thanks to years of work in the field.