Penetration testing is a best-practice component of any ISO 27001-compliant information security management system (ISMS), from initial development to ongoing maintenance and continual improvement.
Control A.12.6.1 of ISO 27001:2013 specifies that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.”
Benefits of having a Security Penetration Assessment
A vulnerability assessment or penetration test is the best method for identifying these vulnerabilities in systems, infrastructure and web applications. By conducting this test, you can:
- Avoid damaging your brand’s reputation with the bad publicity associated with a security compromise
- Prevent breaches and subsequent regulatory fines
- Satisfy relevant regulatory requirements or legislation
Our service offering
- A detailed consultation session to identify the depth and breadth of the tests required (on either an internal network or external network, depending on your needs).
- Careful scoping of the test environment to establish the exact extent of the testing exercise.
- A range of manual tests conducted by our team of highly skilled penetration testers, using a methodology closely aligned with the Open Source Security Testing Methodology (OSSTM).
- A series of automated vulnerability scans.
- Immediate notification of any critical vulnerabilities to help you take action quickly.
- A detailed technical report that identifies and explains the vulnerabilities (ranked in order of significance).
- A list of recommended countermeasures to address any identified vulnerabilities.
- An executive summary that explains what the risks mean in business terms.