Industry Regs


Artful Dodger


Posts: 43

Joined: Tue Apr 29, 2008 8:58 am

Post Wed May 07, 2008 2:04 pm

Industry Regs

Hi everyone,
This should be an easy question, but I can't seem to find a good list. So I figured I would ask my new favorite site!

What industry regulations require Pen Testing?  I know the sections in PCI, and I know HIPAA kinda almost suggests it.  What other regs state that you must?
CISSP, C|HFI, Security+, Network+, XYZ...blah.


Hero Member

Posts: 929

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Thu May 08, 2008 3:14 am

Re: Industry Regs

From my experience (BS7799/ISO27001 standards) pen testing isn't required for standards but it is the de facto standard for 'proving' your security posture is working. Basically, if you don't do pen-testing you better have a good reason for not doing it and be able to explain to the auditors why you feel your systems are secure without standard testing.
