Hot take: if you're not going to action pentest results, don't waste your money on a penetration test. Spend that same budget and bring in security training for your system admins instead.
Replying to @MalwareJake
There’s a “pen test” checkbox on your compliance reports (excuse me, “third party security assessment”), not an “action” or “training” checkbox. What a world.

Apr 19, 2022 · 12:46 PM UTC

There is a training check box as well. ISO 27001 section 7.2 b) "Ensure that these persons are competent, on the basis of appropriate education, training, or experience." Once hired they need to continue training. Staff not trained in years is a nonconformity.