VAPT, cybersecurity and ISO 27001
Answer: ISO 27001 is a management standard, so it does not go far on technical aspects of security controls, including VAPT (Vulnerability Assessment and Penetration Test). It focuses on establishing control objectives (which should be achieved by implementing the controls) and general requirements for applicable controls. ISO 27002, a supporting standard for implementation of ISO 27001 controls, provides additional details and guidance for controls implementation, but also does not go deep on technical details.
For details regarding cyber security, you should consider the ISO 27032 standard, which provides specific information about cybersecurity related controls. For more information, see this article: ISO 27001 vs. ISO 27032 cybersecurity standard https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/
These articles will provide you further explanation about ISO 27001 controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
May 15, 2018