Home /

Penetration Test for ISO/IEC 27001 ISMS

Penetration Test for ISO/IEC 27001 ISMS

Talk to an expert

+ 44 (0) 203 9833 166
CONTACT
CONTACT US

Penetration Test for ISO/IEC 27001 ISMS

Penetration testing simulates a malicious attack to determine if your internet security is adequate, functioning properly, and can actually withstand external threats.

What is a penetration test?

Cyber-attacks are a risk for any business, regardless of their size, industry or location. Penetration testing simulates a malicious attack to determine if your internet security is adequate, functioning properly, and can actually withstand external threats.

Why should organisations do a penetration test?

Penetration testing is an essential component of any ISO/IEC 27001 Information Security Management System (ISMS), from initial development to ongoing maintenance and continuous improvement.

ISO/IEC 27001 control objective A12.6 (Technical Vulnerability Management) states that ‘the timely information about the technical vulnerabilities of the information systems used should be obtained, the assessment of the organization’s exposure to such security vulnerabilities, and the appropriate measures taken against the relevant risk’.

The nature of information technology assets means that they can have many technical vulnerabilities that could be exploited by outside attacks. Automatic and random attacks target identifiable vulnerabilities in hardware and software, regardless of the organization they own. These vulnerabilities include patched software, insufficient passwords, poorly coded websites, and unsafe applications.

The logical point at which you should run a penetration test is after you have identified the assets to be included in the ISMS scope. Penetration test results identify vulnerabilities in detail, along with the threat that could exploit them, and often also determines appropriate remedial actions. Identified threats and vulnerabilities will be an important input to your risk assessment, and the detected corrective action will inform your control choice.

How does penetration testing fit into my ISO/IEC 27001 project?

There are certain points in your ISMS project where penetration testing makes a significant contribution:

  • As part of the risk assessment process, uncovering vulnerabilities in Internet-facing IP addresses, web applications or internal devices and applications and linking them to identifiable threats.
  • As part of the risk treatment plan, ensuring that the controls implemented are actually working as designed.
  • As part of ongoing continuous improvement processes, ensuring that controls continue to function as needed and that new and emerging threats and vulnerabilities are identified and addressed.
ISO 9001 QMS

ISO 9001 is the international standard designed to help organisations implement a Quality Management System (QMS).

 Learn More
About Cert Areas Services Process Events & News UKAS Accreditation IAS Accreditation CPD Accreditation Contact Us
cfe cert linkedin
iso 27001 certification iso 22301 certification iso 37001 certification iso 20000 certification bs 10012 certification gdpr certification
© 2021 - CFECERT | All rights reserved
Cookies Policy Privacy Policy Terms & Conditions
About Cert Areas Services Process Events & News UKAS Accreditation IAS Accreditation CPD Accreditation Contact Us Cookies Policy Privacy Policy Terms & Conditions
cfe cert linkedin
© 2021 - CFECERT | All rights reserved
iso 27001 certification iso 22301 certification iso 37001 certification
iso 20000 certification bs 10012 certification gdpr certification