New Training: Explain Compliance-based Assessments
In this 5-video skill, CBT Nuggets trainer Shawn Powers identifies the key aspects of compliance-based assessments, including rules, policies, limitations, and more. Watch this new CompTIA training.
This training includes:
- 5 videos
- 16 minutes of training
You’ll learn these topics in this skill:
- Intro to Compliance Assessments
- Identifying Various Compliance-based Standards
- Using Pre-defined Rules for a Pentesting Engagement
- Understanding Password Policies and Key Management
- Handling Data Isolation and Limited Access
Which is Better: Compliance or Risk Assessments?
Compliance-based assessments are used to ensure that organizations, companies, and even entire industries align with specific security standards. Businesses that deal with financial information or healthcare data must protect those details from being compromised, and standards like those published by NIST outline best practices and requirements.
This approach stands in stark contrast to risk-based assessments. In the latter, cybersecurity professionals examine a company's systems and networks to identify weaknesses that could be exploited, then propose customized solutions to resolve any issues they find. Compliance-based assessments, however, evaluate an organization's systems and networks against a published standard to see how they measure up to those requirements.
Look at it this way: when a government inspector comes out to a construction site, he checks the plumbing and the electrical systems to ensure they align with local building codes. That's a compliance assessment. When you buy a home and a house inspector goes over the building from top to bottom, he's looking for any issues that have developed over the years that might cause problems. That's an example of a risk-based assessment.
Both types of evaluations are necessary, but it's even more critical to understand the difference between the two and how each should be used.