4 EMBEDDING PENETRATION TESTING WITHIN ORGANISATIONAL SECURITY POLICIES AND PROCEDURES

Ceri Charlton

An important part of the strategy of utilising penetration tests is identifying when they are to be used. This chapter discusses the way in which the activities relating to penetration testing can be built into the Information Security Management System (ISMS) of an organisation and the broader risk management framework. This chapter aims to explore some of the drivers, approaches and obstacles to embedding penetration testing (however it may be conducted) within an organisation.

ADDING PENETRATION TESTING TO AN EXISTING ENTERPRISE INFORMATION SECURITY STRATEGY

Increasingly, regardless of any additional industry-specific or regulatory requirements, ...
