Feb 25 2013

PENETRATION TESTING & ISO27001

Category: ISO 27k, Pen Test | DISC @ 10:38 pm


Penetration testing (often called “pen testing” or “security testing”) establishes whether or not the security in place to protect a network or application against external threats is adequate and functioning correctly. It is an essential component of most ISO27001 and UK public sector contracts.

Why would my company need penetration testing services?

In a world where attacks on networks and applications are growing in number at an exponential rate, and the penalties incurred by organisations for failing to defend against such attacks are becoming ever steeper, effective penetration testing is the only way of establishing that your networks and applications are truly secure. Penetration testing is also an essential component of any ISO27001 ISMS, from initial development through to ongoing maintenance and continual improvement.

How does penetration testing fit into my ISO27001 ISMS project?

There are three specific points in your ISMS project at which penetration testing has a significant contribution to make:

1. As part of the risk assessment process: uncovering vulnerabilities in any Internet-facing IP addresses, web applications, or internal devices and applications, and linking them to identifiable threats.

2. As part of the Risk Treatment Plan: ensuring that the controls that have been implemented actually work as designed.

3. As part of the ongoing corrective action/preventive action (CAPA) and continual improvement processes: ensuring that controls continue to work as required, and that new and emerging threats and vulnerabilities are identified and dealt with.

The Basics of Hacking and Penetration Testing
This guide will show you how to undertake a penetration test, or, as it is sometimes known, an ethical hack. The book focuses on how to hack one particular target, which lets you see how the tools and phases of the pen test relate to one another. To get your copy of The Basics of Hacking and Penetration Testing:
ITG | eBay | Amazon

Penetration Testing – Protecting Networks and Systems
An essential guide to penetration testing and vulnerability assessment, which can also be used as a Certified Penetration Testing Engineer exam prep guide. To get your copy of Penetration Testing – Protecting Networks and Systems:
ITG | eBay | Amazon

Tags: Information Security, Information Security Management System, ISO/IEC 27001, Penetration test

One Response to “PENETRATION TESTING & ISO27001”

  1. Shaun Peapell says:

    In my personal opinion penetration testing is vital, and by far one of the best methods in order to check for potential vulnerabilities within an organisation's server.
