3 REGULATORY MANAGEMENT FOR PENETRATION TESTING

Rob Ellis

We begin this chapter with an overview of regulation and compliance frameworks and how penetration testing fits into them. The next section establishes the regulatory management approaches and considerations as well as the legal aspects that apply to conducting penetration testing. The final part of the chapter describes the main types of organisational regulation and compliance that apply to penetration testing.

GOVERNANCE AND REGULATORY COMPLIANCE OVERVIEW

Increasingly, high-profile security breaches have been in our headlines. For example, the 2013 breach of cardholder data at the US company Target led to costs to the company of US$252 million (McGinty, 2015). Arguably high-profile ...
