Criminal hackers are gaining access to organisations’ networks using a variety of techniques, so ensuring your network is secure should be high on your agenda. Penetration testing is an effective method of determining the security of your networks and web applications, helping your organisation identify the best way of protecting its assets.
Article 32 of the GDPR (General Data Protection Regulation) requires organisations to implement technical measures to ensure data security. It highlights the need for “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing”.
Defects in web servers, web browsers, email clients, point-of-sale (POS) software, operating systems and server interfaces can allow attackers to gain access to an environment. However, to patch these vulnerabilities, you need to identify them first.
Penetration tests are crucial because they provide a final, end-of-state check that all required security controls have been implemented correctly. They can also be used in the early stages of developing new processing systems to identify risks to personal data.
- The GDPR’s requirements for security testing;
- Testing to fit security and budgetary requirements;
- Guidance for penetration testing; and
- An example of a GDPR testing regime.