Vulnerability scanning periodicity

Guest user Created:   Mar 16, 2018 Last commented:   Mar 16, 2018

Does ISO 27001 specify how frequently vulnerability scanning should be performed (i.e., quarterly, biannually)?
Expert
Rhand Leal Mar 16, 2018

Answer: ISO 27001 specifies only which objectives must be achieved when performing vulnerability scanning (see control A.12.6.1 Management of technical vulnerabilities). The frequency should be defined by each organization, considering the perceived risks and the sensitiveness of the information and information systems involved.

These articles will provide you with further explanation about penetration testing:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/

This material will also help you regarding penetration testing:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
