Expert Advice Community

Penetration testing frequency

Guest user | Created: Oct 11, 2019 | Last commented: Oct 11, 2019

I was just curious if either ISO 27001 and/or NIST controls specify the frequency for which (network and/or application) penetration testing should be performed?

Expert
Rhand Leal Oct 11, 2019

Neither ISO 27001 nor NIST controls define frequency for penetration testing, but a good start to define pen testing periodicity would be these criteria:
- results of previous penetration tests
- importance and related risks to the processes/systems that will be part of the penetration test's scope

This article will provide you with further explanation about penetration tests:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
