Published: 04 November 2019
This summary contains input from six members regarding their approaches to managing security penetration testing. It examines members' enterprise-wide policies on penetration testing and reviews various penetration test reporting tools and approaches to penetration test scheduling. The summary also discusses whether members use external suppliers to manage penetration tests, the criteria for selecting suppliers, and the use of a master contract and framework. The summary ends with a review of how members handle the storage and management of their penetration test findings.
Included in Full Research
Consult the Board Research Team