Penetration testing is a best-practice component of any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.

Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.”

Benefits of having a Security Penetration Assessment

A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure and web applications. By conducting this test, you can:

  • Avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
  • Prevent breaches and subsequent regulatory fines
  • Satisfy relevant regulatory requirements or legislation

Our service offering

  • A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
  • Careful scoping of the test environment to establish the exact extent of the testing exercise.
  • A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with the Open Source Security Testing Methodology Manual (OSSTMM).
  • A series of automated vulnerability scans.
  • Immediate notification of any critical vulnerabilities to help you take action quickly.
  • A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
  • A list of recommended countermeasures to address any identified vulnerabilities.
  • An executive summary that explains what the risks mean in business terms.