NCSC-NL publishes Security testing White Paper

How do you keep your information system secure? You can do this by regularly having a security test performed on your information system. Such a test gives you additional assurance about the security of your system. The results of this test can be used to fix vulnerabilities. Aside from feeling responsible yourself, a reason for having a security test performed is compliance or because your customers request it. To help you, NCSC-NL has compiled the Security testing White Paper. This White Paper is a manual for commissioning parties. In four steps, this White Paper accompanies you through the process, so you can increase the security of your information system as much as possible.

Security testing is a highly specialised trade which your organisation is probably not able to do by yourself. Fortunately, you can outsource the work to various contractors. But if you are unclear in your assignment and let your contractor execute the test at their own discretion, the results may not be what you need. The Security testing White Paper helps you through this process from the very start. You will first consider your objectives and what means is best suited. This way, you will come to formulate a specific assignment. You then choose a contractor and accompany them in the execution, to make sure the results are what you need. Finally, you will make sure the reported recommendations are put into practice, so you can be sure your information system is as secure as you desire.

For this publication, NCSC-NL has collaborated with various organisations with experience as commissioning party or as performer of security tests. By combining this knowledge, every organisation can benefit from the experiences of others.