Title: Industry Regs
Post by: Artful Dodger on May 07, 2008, 02:04:29 PM

Hi everyone,

this should be an easy question, but I can't seem to find a good list. So I figured I would ask my new favorite site! What industry regulations require Pen Testing? I know the sections in PCI, and I know HIPAA kinda almost suggests it. What other regs state that you must?

Title: Re: Industry Regs
Post by: RoleReversal on May 08, 2008, 03:14:57 AM

From my experience (BS7799/ISO27001 standards) pen testing isn't required for standards but it is the de facto standard for 'proving' your security posture is working. Basically if you don't do pen-testing you better have a good reason for not doing it and be able to explain to the auditors why you feel your systems are secure without standard testing.