Elements and Performance Criteria
- Prepare for penetration testing
  - Analyse organisation’s existing cyber security environment, systems and network requirements
  - Identify individual data types and level of security requirements
  - Establish and outline goal and objectives of performing penetration testing
  - Evaluate scanning tools and select according to vulnerability assessment requirements
  - Establish and document testing regime and schedule, and requirements according to organisational procedures
- Conduct penetration tests
- Conduct follow up activities
  - Remediate identified vulnerabilities according to testing procedures
  - Determine and document improvement plan
  - Evaluate penetration testing effectiveness against testing plan and procedures
  - Escalate unresolved vulnerabilities to required personnel
  - Submit documentation to required personnel and seek and respond to feedback