Ask the Expert: Penetration Testing
Penetration Testing for HIPAA Compliance
Penetration testing is a critical line of defense when protecting your organization’s sensitive assets, especially Electronic Protected Health Information (ePHI). It is the process of performing authorized security testing of an environment to identify and exploit weaknesses in the targeted systems, networks, and applications before a real attacker can exploit them. When performed in support of HIPAA compliance, the goal is to identify issues that could result in unauthorized access to ePHI.
In this webinar, KirkpatrickPrice’s Lead Penetration Tester answers your questions about penetration testing, including:
- What is the difference between penetration testing and vulnerability scanning?
- Should penetration testing include a human element or can it be done using tools alone?
- Do I have to hire a third party to perform penetration testing?
- How often should I have penetration testing done when preparing for a HIPAA assessment?
- Should I retest after remediation? Should that be included from the firm I work with?
- How do I know which level of penetration testing is right for me? What are the options?
- How do you choose targets in large IP address spaces?
- What is the difference between web application penetration testing and network penetration testing?
- Does penetration testing include API testing?
- How do you balance applying automated tools to the target vs something manual to the target, like someone at a laptop?
- As the IT landscape continuously grows, how do you ensure that you get the correct skills on a penetration test, since no one knows everything?
- How does KirkpatrickPrice price penetration testing engagements?
More Penetration Testing for HIPAA Compliance Resources
- HHS.gov HIPAA Security Rule for Professionals
- 164.308(a)(8) Standard: Evaluation
- NIST SP800-66 (HIPAA Implementation Guidance)
- National Institute of Standards and Technology (NIST) SP800-115
- Open Source Security Testing Methodology Manual (OSSTMM)
- Open Web Application Security Project (OWASP)