Penetration Testing and ISO 27001

Penetration testing is an essential component in any ISO 27001 ISMS – from initial development through to ongoing maintenance and continual improvement.

Control Objective A.12.6 of ISO 27001:2013 requires the management of technical vulnerabilities, and states that “information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.”

Wireless networks are an extension of your organisation’s infrastructure and should be tested as part of an ongoing security testing exercise. An insecure wireless network means that your organisation is exposed to threats and your security posture can be compromised. Rogue wireless access points are often unwittingly created by untrained employees and can pose serious threats to your infrastructure.

The IT Governance Level 1 Wireless Penetration Test can help you find and fix WLAN weaknesses before attackers take advantage of them. By regularly performing a Level 1 penetration test on your wireless network, you can identify and close any security holes before a hacker can slip through them.