Cyber security membership organisation, CREST, has announced the release of its Defensible Penetration Test, a specification that provides recommendations on how penetration tests should be scoped, delivered and signed off.
Developed alongside recognised industry and peer-selected experts to define a minimum set of expectations, the specification responds to significant growth in the numbers of penetration tests being carried out globally.
“A CREST Defensible Penetration Test provides flexibility built around a minimum set of expectations that will drive better outcomes for buyers across the globe,” said Rowland Johnson, CREST president. ”It provides the industry with a much needed commercially defensible assurance activity that is appropriately scoped, executed and signed off.”
The definitions, practices and expectations associated with a penetration test are inconsistent and fluid. This makes it difficult to define or parameterise a series of activities that looks at all possible requirements, engagements or scenarios. For example, a penetration test may need to assess a mobile phone at one end of the spectrum or an aircraft carrier at the other.
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.
YOU MIGHT ALSO LIKE