1. Explain different types of cyber security testing (AC 1.1)
Vulnerability scanning

The National Institute of Standards and Technology (NIST) defines vulnerability scanning as a "technique used to identify host/hosts attributes and associated vulnerabilities." Vulnerability scanning uses automated tools to check for security weaknesses in computers, systems, networks or applications. The tools scan for known vulnerabilities: outdated software versions, misconfigurations, or weak passwords.

Security scanning

Security scanning combines automated tools and manual techniques to assess the overall security state of a system. It checks for vulnerabilities, misconfigurations and other security risks, and can be carried out across networks, applications and devices. The process helps organisations understand their security weaknesses and implement safety measures to mitigate potential threats.

"Since no one technique can provide a complete picture of the security of a system or network, organisations should combine appropriate techniques to ensure robust security assessments" - NIST's Technical Guide to Information Security Testing and Assessment

Social engineering testing

A quick reminder of how the National Cyber Security Centre describes social engineering: "a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information"

Social engineering testing is exactly this, but carried out within a company on its own employees to test whether they fall for the 'scam'.

Penetration testing

Penetration testing is an authorised cyberattack on a system to identify and exploit vulnerabilities.

"A method for gaining assurance in the security of an IT system by attempting to breach some or all of that system's security, using the same tools and techniques as an adversary might." - NCSC

Ethical hacking/red teaming

This testing goes above and beyond, combining several of the test types listed above: pentesting, social engineering attacks, phishing and more. It simulates a real-world attack to test the organisation's overall security response, including detection and defence capabilities. It can be carried out by an individual or by a group of ethical hackers, who may either already work for the organisation or belong to an externally hired company.
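To make the vulnerability scanning description above concrete, here is a small added example (not part of the original notes) that runs the three kinds of check it lists over a host inventory. The product names, advisory data, hosts and the 12-character password policy are all constructed assumptions.

```python
# Added example with constructed data: not a real advisory feed or real hosts.
FIXED_IN = {"demo-httpd": "1.9.0", "exampledb": "2.4.1"}  # product -> first fixed version
EXPECTED_CONFIG = {"PermitRootLogin": "no", "PasswordAuthentication": "no"}  # assumed sshd baseline
MIN_PASSWORD_LENGTH = 12  # assumed organisational policy

INVENTORY = [  # what an authenticated scan might collect (constructed)
    {"host": "web01",
     "software": {"demo-httpd": "1.8.3"},
     "config": {"PermitRootLogin": "yes", "PasswordAuthentication": "no"},
     "password_min_length": 14},
    {"host": "db01",
     "software": {"exampledb": "2.4.1", "demo-httpd": "1.10.0"},
     "config": {"PermitRootLogin": "no", "PasswordAuthentication": "no"},
     "password_min_length": 6},
]

def version_key(text):
    """Turn '1.10.0' into (1, 10, 0) so that 1.10.0 sorts after 1.9.0."""
    return tuple(int(part) for part in text.split("."))

def scan_host(entry):
    """Return a list of (category, detail) findings for one inventory entry."""
    findings = []
    # 1. Outdated software: installed version older than the first fixed one.
    for product, installed in sorted(entry["software"].items()):
        fixed = FIXED_IN.get(product)
        if fixed and version_key(installed) < version_key(fixed):
            findings.append(("outdated-software", f"{product} {installed} < {fixed}"))
    # 2. Misconfiguration: any setting that differs from the baseline.
    for key, wanted in sorted(EXPECTED_CONFIG.items()):
        actual = entry["config"].get(key)
        if actual != wanted:
            findings.append(("misconfiguration", f"{key}={actual}, expected {wanted}"))
    # 3. Weak passwords: a policy that permits passwords shorter than required.
    if entry["password_min_length"] < MIN_PASSWORD_LENGTH:
        findings.append(("weak-password-policy",
                         f"minimum length {entry['password_min_length']} < {MIN_PASSWORD_LENGTH}"))
    return findings

def scan(inventory):
    """Map each host name to its list of findings."""
    return {entry["host"]: scan_host(entry) for entry in inventory}

if __name__ == "__main__":
    for host, findings in scan(INVENTORY).items():
        for category, detail in findings:
            print(f"{host}: [{category}] {detail}")
```

Versions are compared as tuples of integers because a plain string comparison would wrongly report 1.10.0 as older than 1.9.0, which is a common source of false positives in version-based checks.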