What Is NIST Special Publication 800-115 and What Does it Say About Penetration Testing?

As technology advances, the need for effective cybersecurity measures becomes increasingly important. The necessity for regular testing, including penetration testing, has raised awareness of best practices and standards for such assessments.

The National Institute of Standards and Technology (NIST) has developed comprehensive guidelines and standards to help organizations safeguard their information systems from cyber threats. Among these guidelines is NIST 800-115, a guide for conducting penetration testing on information systems.

This article will explore the fundamental principles of NIST 800-115 and the benefits of conducting penetration testing according to its guidelines. We will also discuss how organizations can use the information gathered from penetration testing to improve their cybersecurity. Organizations can better protect their systems and data from cyber threats by following the recommendations outlined in this guide.


ISO 31010 and Implementing Risk Assessment Techniques

We’ve previously discussed the role of risk assessment as defined by the International Organization for Standardization (ISO) 31000, and generally speaking, we’ve found that risk management is a key practice for supporting security and compliance. To better support organizations approaching risk assessment, ISO published the supplementary document, ISO/IEC 31010, “Risk assessment technique.”

In this article, we’ll provide a brief overview of the processes and techniques advocated by this publication.


What are ISO 30141 and the General Characteristics of Internet of Things (IoT) Systems?

The Internet of Things (IoT) was seen as the next big thing for the consumer market. While the impact of IoT technology is still unfolding, there is no doubt that IoT devices have made a much bigger impact in the commercial space. IoT networks are changing how we handle major industrial processes, from healthcare to supply chain logistics and manufacturing. Accordingly, the ISO has put forth a document, ISO 30141, on best practices and characteristics of operational IoT systems. 

