LinuxQuestions.org
03-17-2006, 12:47 PM   #1
metallica1973
Senior Member

Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Vulnerability Assessments


I have several questions regarding security. I have formed a business and I would like to focus on network security and what services I can provide:

1 - What is performed in an application security assessment? What does it consist of?

2 - When performing a true penetration test of a business, what is involved? What does it consist of?

3 - What is the difference between a Penetration Test and a Wireless security assessment?

4 - What does ensuring data integrity consist of? How would one achieve this?

5 - Can anyone point me in the right direction to find an IT guideline for Health Insurance Portability & Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX) compliancy?

Last edited by metallica1973; 03-17-2006 at 12:56 PM.
 
03-17-2006, 03:24 PM   #2
win32sux
LQ Guru

Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Quote:
Originally Posted by metallica1973
I have several questions regarding security. I have formed a business and I would like to focus on network security and what services I can provide:

1 - What is performed in an application security assessment? What does it consist of?

2 - When performing a true penetration test of a business, what is involved? What does it consist of?

3 - What is the difference between a Penetration Test and a Wireless security assessment?

4 - What does ensuring data integrity consist of? How would one achieve this?

5 - Can anyone point me in the right direction to find an IT guideline for Health Insurance Portability & Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS) and Sarbanes-Oxley (SOX) compliancy?

i find it hard to believe that someone would start a security business and THEN start asking/learning about these things... are you sure this isn't homework??? hehe...

anyways, here's some links i googled for you, it's not much but it's my ... i'm sure others will provide more and better stuff...

http://en.wikipedia.org/wiki/HIPAA

http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act

http://www.technicalinfo.net/papers/...Questions.html

http://www.penetration-testing.com/

good luck with your paper...

Last edited by win32sux; 03-17-2006 at 03:31 PM.
 
03-17-2006, 03:46 PM   #3
unSpawn
Moderator

Registered: May 2001
Posts: 29,417
Blog Entries: 55

Quote:
i find it hard to believe that someone would start a security business and THEN start asking/learning about these things...

Hmm, starting a business w/o getting basics right first isn't the best thing to do IMHO.

Quote:
i'm sure others will provide more and better stuff...

Don't be too sure, because:

@metallica1973: now you do know where to find the list with sites that contain security news and backgrounds. You might even have read some of those sites for no particular reason just to build up knowledge. If you didn't, I would suggest you do so. To get a grip on what's being done in the field: simply check your "competitors". Wrt definitions, methodology and cases, check out the SANS reading room, owasp.org and securityfocus.com. In closing, HIPAA, PCI DSS and SOX are all perfect search terms. Don't get me wrong here, if you have specific questions I'd love to answer them, but asking such broad questions to me means you gotta read up first.
 
03-17-2006, 04:45 PM   #4
metallica1973
Senior Member

Registered: Feb 2003
Location: Washington D.C
Posts: 2,190

Original Poster
All I am trying to do is to determine if I am on the right track, not some idiot trying to maliciously cause destruction. I was under the impression that I could ask a professional question and get a professional answer in this forum. I have noticed that every time I ask a question in this arena everyone is very hesitant to give out some information in fear of creating a monster. That may be the case with some of these teenage cyborgs that don't even know what a girl is, but not in my case. At least answer this question if you are not going to answer the other. It is true that one needs to know how to hack in order to defend against a hacker. At least give me that. A point I would like to make for the people who do not know what the meaning of running a business is and what is involved (I won't mention any names). If I don't have a skill that I need to run my business there is something called smarts in hiring someone who does.

Last edited by metallica1973; 03-19-2006 at 12:15 AM.
 
  


All times are GMT -5.
