Free PDF download: Penetration Testing and ISO 27001 – Securing your ISMS
As part of your ISO 27001 risk assessment, you must identify information security risks within the scope of your ISMS (information security management system). You can do this through penetration testing.
Penetration testing establishes whether the security in place to protect a network or an application against external threats is adequate and functioning correctly. The threats and vulnerabilities identified will form a key input to your risk assessment, while the recommended remedial actions will inform your selection of controls.
This free paper describes how penetration testing fits into an ISO 27001 ISMS project.
Download it now to discover:
- The three specific points at which penetration testing should be undertaken;
- The importance of penetration testing to ISO 27001 risk assessments;
- How penetration testing can demonstrate compliance with the Annex A controls; and
- The role of penetration testing in the continual improvement of your ISMS.
Published: March 2021
Keywords: Penetration testing, ISO 27001, information security, management systems