Expert Advice Community

Penetration testing frequency

Guest user Created:   Oct 11, 2019 Last commented:   Oct 11, 2019

I was just curious if either ISO 27001 and/or NIST controls specify the frequency at which (network and/or application) penetration testing should be performed?

Expert
Rhand Leal Oct 11, 2019

Neither ISO 27001 nor NIST controls define frequency for penetration testing, but a good start to define pen testing periodicity would be these criteria:
- results of previous penetration tests
- importance and related risks to the processes/systems that will be part of the penetration test's scope

This article will provide you with further explanation about penetration tests:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
