Index IntroductionDefinition of Compromise AssessmentsTopic AnalysisIntroductionCan an organization truly prevent a sophisticated cyber attack or is it inevitable that a targeted organization will eventually fall victim of a threat agent. Many say it's not a question of if but when. This has often made the possibility of a proactive approach to cybersecurity a hot topic of debate among security professionals. With the increase in sophisticated cyber attacks, a reactive approach to information security is no longer considered sufficient. Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get an original essay In addition to measures such as measuring security controls, references, secure system and device configuration, periodic security assessments be it phishing exercises, vulnerability assessments or penetration tests are considered one of the means best for defending an organization's network. By conducting periodic assessments, an entity is able to proactively identify vulnerabilities within its environment and perhaps manually provide evidence that these vulnerabilities could be easily exploited. One such safety rating that is relatively unknown compared to VAPT is the trade-off rating. The security atmosphere is usually littered with buzzwords and one must be careful as the newly bandied terms often refer to well-known activities conducted differently. So, given that a VAPT operation could reveal an entity's susceptibility to compromise, what would make a compromise assessment? different and provides added value? Compromise Assessment DefinitionA compromise assessment is an evaluation of the organization's network and systems for artifacts of a compromise, such as resident malware communication with a command and control server, evidence of data exfiltration via ports insecure or perhaps via DNS, lateral movement across the network. Compromise assessment provides evidence of an attacker's previously unidentified footprint or the existence of various indicators of compromise, successful or unsuccessful, ongoing or dormant. This usually involves some level of forensic capability as it is important to be able to detect post-breach activity. Using the scenario of a man trying to secure valuables in his home, a vulnerability assessment is like an assessment that reveals weaknesses such as a lack of locks. , unlocked doors, weak anti-theft fences, inattentive security guards. Penetration testing physically verifies through force or social engineering that these weaknesses can be exploited, such as by sneaking past inattentive security guards and through open doors into areas of the home. The compromise assessment involves scouring the corners of the building for evidence of a break-in or attempted break-in, i.e. footprints that do not belong to any occupant of the house, tools left behind for a further break-in, CCTV footage of intruders entering and exiting without being detected. Topic Analysis Following the example above, it is easy to ignore the importance of assessing the state of an entity's compromised home since the compromise may have already occurred, however, it is important to note that many times the attacker may not be in capable of carrying out their attack and would exercise patience, remaining in the net, until the right moment presents itself. they operate with.