difference between vulnerability assessment and penetration testing

What is the difference between vulnerability assessment and penetration testing?

There is often confusion around the role of a vulnerability assessment versus a penetration test. This is compounded by unscrupulous security vendors presenting (and pricing) a vulnerability assessment as a penetration test. Aside from poor ROI, this can give an organisation a false sense of security, when in fact they have only received a basic […]

Demonstrating the ROI of Security Penetration Testing to Management

How do you demonstrate the ROI of Security Penetration Testing? From the management team’s point of view, making the decision to commit to an ongoing cybersecurity budget may be seen as adding yet another expense, with little visibility of a return on investment (ROI). This is particularly true for organisations who are not involved in […]

December 2018 Security Report | Shearwater Solutions

Featured this month: Exposed Remote Desktop connections create a soft target for attackers, email distribution platforms are increasingly being hijacked to facilitate mass phishing campaigns, several Self Encrypting Drives have multiple vulnerabilities, a VirtualBox Zero Day vulnerability, breaches that caused inconvenience for Dell, created danger and disruption for an Ohio hospital and exposed over 500,000 […]

WebEx Vulnerabilities

WebEx, LibSSH Authentication & D-Link Router Vulnerabilities | Shearwater InfoSec Report

The Information Security Report is a monthly summary, compiled by Shearwater’s experienced cybersecurity professionals, to highlight the vulnerabilities and new attack vectors in some of the latest active threats, exploits and breaches and share recommendations to help you protect your data and stay a step ahead. Featured this month: A WebEx vulnerability that allows a […]

Business Email Compromise BEC Attacks

What you need to know about Business Email Compromise (BEC) attacks

Business Email Compromise (BEC) attacks are increasing at an alarming rate and look set to continue as a favoured method of cyberattack in the future. In this blog article, Shearwater’s social engineering and phishing expert, Damian Grace, provides guidance on what you can do TODAY to reduce your organisation’s risk. In a concerning trend, Australia […]

IRAP Frequently Asked Questions

What is IRAP? The Information Security Registered Assessors Program (IRAP) is an initiative of the Australian Signals Directorate (ASD) through the Australian Cyber Security Centre (ACSC) to ensure the standard of cybersecurity and information security assessments for Information and Communications Technology (ICT) systems that process or store government information. A certified IRAP Assessor’s role is […]

Manage a Security Data Breach

The 5 most important things to consider during a data breach

Notifiable Data Breach: Learning that you have experienced a data breach is an uncomfortable moment in any person’s life. Especially if you are a cyber security professional charged with keeping information safe and secure. More so if a third party tells you that you have seemingly lost information. Unfortunately, any day involving a data breach […]

Notifiable Data Breach

5 things to help you prepare for the Notifiable Data Breach scheme

Following on from my last post that covered the 5 things you need to know about the Notifiable Data Breach (NDB) scheme, this post is focused on the 5 things you really must do, in order to be prepared for the Notifiable Data Breach scheme. As you will remember the NDB impacts a significant number […]

Data Breach Notification

The 5 things you need to know about the Notifiable Data Breach scheme

Mandatory Data Breach Disclosure and the Notifiable Data Breach (NDB) scheme are both really hot topics at the moment. There are a number of experts from the legal, cyber security and business community all providing their advice, many providing guidance in forensic detail on what should be done to prepare an organisation for this change. […]

December Security Report

Information Security Report – December 2017

Over the past month, we have seen a number of threats, vulnerabilities, and spear phishing attacks affecting organisations worldwide. Read on for a summary of these events to help you assess their implication on your environment. Threats and Exploits: Mailsploit. Mailsploit Allows Spoofed Mails to Fool DMARC. Mailsploit is a collection of vulnerabilities in various […]