Fitting Together Penetration Testing and ISO27001

February 2, 2017, by Marika Samarat from IT Governance US


Penetration testing and ISO 27001: How do they fit together?

 
An ISMS is composed of people, processes and technology. Information technology assets are often affected by technical vulnerabilities. Penetration testing, through tests and scans, therefore analyzes the assets included in the scope of the ISMS, identifies vulnerabilities, links them to potential threats, and provides guidance on appropriate remedial action. The identified vulnerabilities and threats can then be included in your risk assessment, and the recommended remedial actions will inform your selection of controls.
 
Include in your penetration test strategy:
  • Risk assessment process
  • Risk treatment plan
  • Ongoing continual improvement processes