CREST releases Defensible Penetration Test specs

Cyber security membership organisation, CREST, has announced the release of its Defensible Penetration Test, a specification that provides recommendations on how penetration tests should be scoped, delivered and signed off.

Developed alongside recognised industry and peer-selected experts to define a minimum set of expectations, the specification responds to significant growth in the numbers of penetration tests being carried out globally.

“A CREST Defensible Penetration Test provides flexibility built around a minimum set of expectations that will drive better outcomes for buyers across the globe,” said Rowland Johnson, CREST president. ”It provides the industry with a much needed commercially defensible assurance activity that is appropriately scoped, executed and signed off.”

The definitions, practices and expectations associated with a penetration test are inconsistent and fluid. This makes it difficult to define or parameterise a series of activities that looks at all possible requirements, engagements or scenarios. For example, a penetration test may need to assess a mobile phone at one end of the spectrum or an aircraft carrier at the other.

    Share Story:


Deborah Ritchie speaks to Chief Inspector Tracy Mortimer of the Specialist Operations Planning Unit in Greater Manchester Police's Civil Contingencies and Resilience Unit; Inspector Darren Spurgeon, AtHoc lead at Greater Manchester Police; and Chris Ullah, Solutions Expert at BlackBerry AtHoc, and himself a former Police Superintendent. For more information click here

Modelling and measuring transition and physical risks
CIR's editor, Deborah Ritchie speaks with Giorgio Baldasarri, global head of the Analytical Innovation & Development Group at S&P Global Market Intelligence; and James McMahon, CEO of The Climate Service, a S&P Global company. April 2023