Vulnerability scanning periodicity
Answer: ISO 27001 specifies only which objectives must be achieved when performing vulnerability scanning (see control A.12.6.1 Management of technical vulnerabilities). The frequency should be defined by each organization, considering the perceived risks and the sensitivity of the information and information systems involved.
These articles will provide you with further explanation about penetration testing:
- How to use penetration testing for ISO 27001 A.12.6.1 https://advisera.com/27001academy/blog/2016/01/18/how-to-use-penetration-testing-for-iso-27001-a-12-6-1/
- How to manage technical vulnerabilities according to ISO 27001 control A.12.6.1 https://advisera.com/27001academy/blog/2015/10/12/how-to-manage-technical-vulnerabilities-according-to-iso-27001-control-a-12-6-1/
This material will also help you regarding penetration testing:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Mar 16, 2018