Expert Advice Community

Guest

Penetration testing frequency

  Quote
Guest
Guest user Created:   Oct 11, 2019 Last commented:   Oct 11, 2019

Penetration testing frequency

I was just curious if either ISO 27001 and/or NIST controls specify the frequency for which (network and/or application) penetration testing should be performed?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 11, 2019

Neither ISO 27001 nor NIST controls define frequency for penetration testing, but a good start to define pen testing periodicity would be these criteria:
- results of previous penetration tests
- importance and related risks to the processes/systems that will be part of the penetration test's scope

This article will provide you further explanation about penetration tests:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/

Quote
0 1

Comment as guest or Sign in

HTML tags are not allowed

Oct 11, 2019

Oct 11, 2019

Suggested Topics