Guest user Created: Jun 20, 2017 Last commented: Jun 20, 2017

Internal team for penetration and vulnerability tests

Can a company have their own security team and perform the penetration testing and vulnerability tests for their infrastructure. is there a must to do that with a third party? or doing with the internal employees also okay? this has become a debate in our office now

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Jun 20, 2017

Answer: Yes, the penetration testing and vulnerability tests can be performed by internal employees. Regarding ISO 27001, there is no mandatory requirement demanding that these tests must be performed by a third party. What happens is that you should ensure that these tests are performed by people not directly involved with the process, so you can ensure impartiality since, like internal audits, no one should audit their own work.

This article will provide you further explanation about penetration and vulnerability tests:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/

These materials will also help you regarding penetration and vulnerability tests:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 20, 2017

Expert Advice Community