USA
Select regional store:

Penetration Testing and Compliance

 

Connecting compliance with penetration testing

Compliance requirements aside, penetration testing is a critical aspect of any security program. The continually evolving threat landscape brought about by the ever-increasing complexity of attack techniques underscores the need for organizations to continually monitor and manage vulnerabilities.

In today’s regulated environment, many organizations are looking for better ways to continually assess their compliance posture. Various regulations and standards have multiple components specifically related to system auditing and security, and either indicate or specify that penetration testing is necessary to determine whether identified vulnerabilities pose a genuine risk to an organization.

PCI DSS

Regulation


What is it?


The PCI DSS was set up to help businesses process card payments securely and reduce card fraud. It achieves this through enforcing tight controls surrounding the storage, transmission, and processing of cardholder data that businesses handle. The PCI DSS is intended to protect sensitive cardholder data.

Requirement


Requirement 11.3 of the PCI DSS describes the need to regularly carry out penetration testing to identify unaddressed security issues and scan for rogue wireless networks.

Find out more

ISO 27001

Regulation


What is it?


An essential component of ISO 27001 compliance (and potentially for achieving certification) is performing a penetration test. With penetration testing, organizations can effectively identify where to make improvements to the information security management system (ISMS). Penetration testing also forms part of an effective continual improvement regime.

Requirement


ISO 27001 control objective A12.6 (Technical Vulnerability Management) says that “Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organisation's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.”

Find out more

Connecting compliance with regular penetration testing

In today’s regulated environment, many organizations are looking for better ways to continually assess their compliance posture. Various regulations and standards have multiple components specifically related to system auditing and security, and either indicate or specify that penetration testing is necessary to determine whether identified vulnerabilities pose a genuine risk to an organisation.

These include (but are not limited to):


Offering practical solutions to help you meet your legal, regulatory and contractual requirements

Our expertise in standards such as the PCI DSS, the GDPR and ISO 27001 means we can offer an integrated approach to your testing challenges and develop suitable solutions that will enable you to reduce your risks and ensure compliance with standards, frameworks, legislation and other business requirements.

This website uses cookies. View our cookie policy