4 EMBEDDING PENETRATION TESTING WITHIN ORGANISATIONAL SECURITY POLICIES AND PROCEDURES
An important part of the strategy of utilising penetration tests is identifying when they are to be used. This chapter discusses the way in which the activities relating to penetration testing can be built into the Information Security Management System (ISMS) of an organisation and the broader risk management framework. This chapter aims to explore some of the drivers, approaches and obstacles to embedding penetration testing (however it may be conducted) within an organisation.
ADDING PENETRATION TESTING TO AN EXISTING ENTERPRISE INFORMATION SECURITY STRATEGY
Increasingly, regardless of any additional industry-specific or regulatory requirements, ...