How should one plan a good regular penetration testing schedule? Also, how to do an assessment to check what ICT systems should be eligible for regular testing?

Information Security Manager in Software, a year ago

Before pentesting, you must scan vulnerabilities and review the frequency of patching your systems + impact analysis of the updates on your applications/data.

EMEA IT Service Management Manager in Miscellaneous, a year ago

Test your externally facing systems / services and apps once a year; the stuff looking beyond / from the DMZ that is.

The best and most cost effective way to do this is to get an external consultancy to do this for you; it is independent and only costs when you need it [at the time].

Also it is worth having robust monitoring tools that help prevent a cyber attack in the first place - like Crowdstrike [despite the recent disaster, they're really good].
