Expert Advice Community


If I do a pen test, which controls from Annex A can be covered?

Guest user Created:   Apr 15, 2016 Last commented:   Apr 15, 2016

As there are more than 100 controls in ISO 27k, which ones of those can be covered by performing penetration testing? So if I do a pen test, which controls from the 100+ can be covered?
Expert
Dejan Kosutic Apr 15, 2016

Answer: Unfortunately, out of 114 controls from Annex A, with penetration testing you would partially cover only the control A.12.6.1 "Management of technical vulnerabilities." And I say partially because pen testing wouldn't be enough to cover this control completely.

See also these articles:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
