Vanessa’s organization is a US-based health-care organization that is required to be com- pliant with HIPAA. What type of external assessment should they conduct?

The Health Insurance Portability and Accountability Act (HIPAA) is a regulation, and organizations that must comply with laws need to conduct regulatory assessments. Offensive testing is a penetration testing model that mirrors actual attackers. Known environment test- ing leverages full knowledge of an organization as part of a penetration test. Physical testing validates physical security controls.