APPENDIX 3: REGULATIONS AND LEGISLATION

The pen tester may be required to provide the client organization with proof of compliance with certain legislation, regulations, best practices, or industry standards as part of the pen testing effort. These regulations vary widely from one jurisdiction to another – from country to country and, often, from state to state.

Many regulations are industry-specific – such as legislation concerning health care – and only apply to that industry sector or vertical. Other legislation applies across all industries in a region or country and is, therefore, horizontal in nature.

A multinational organization may find it nearly impossible to be compliant with the regulations in all the countries in which it operates. ...
