Skip to main content

Part of Data Security Standard 9 - IT protection

Risks

Previous Chapter

Know your boundaries (9.2.1 - 9.2.2)

Current Chapter

Current chapter – Risks

View all

Next Chapter

Remediation post-testing (9.2.3)

There are a couple of general risks involved in undertaking a test.

1. The test may be mistaken for the reconnaissance or delivery stage of a cyber attack. As many of the tools and techniques used for penetration testing are the same ones as used by hackers. This can be mitigated by informing all the interested parties and knowing and keeping to your boundaries.

2. The test may have an adverse effect on the asset(s) being scanned. Depending on the aggressiveness of the test and the vintage of the asset this could result in an adverse effect, such as service unavailability requiring a reboot.

Last edited: 1 September 2022 3:38 pm

Previous Chapter

Know your boundaries (9.2.1 - 9.2.2)

Next Chapter

Remediation post-testing (9.2.3)

Chapters

  1. Data Security Standard 9 - IT protection
  2. Network components (9.1.1 - 9.1.2)
  3. Password strength, remote locations and managed estates (9.1.1 - 9.1.2)
  4. Penetration testing (9.2.1 - 9.2.2)
  5. Know your boundaries (9.2.1 - 9.2.2)
  6. Risks
  7. Remediation post-testing (9.2.3)
  8. OWASP Top 10 vulnerabilities (9.3.1, 9.3.3, 9.3.7)
  9. Domain Name System (DNS) and IP Ranges (9.3.3 - 9.3.5)
  10. Connected Medical Devices (9.3.8 - 9.3.9)
  11. Perimeter defence (9.3.6, 9.4.1)
  12. Assurance (9.4.4 - 9.4.5)
  13. Secure configuration (9.5.1 - 9.5.10)
  14. Firewalls (9.6.1 - 9.6.6)
  15. Frameworks that can help
  16. IT Infrastructure Library (ITIL)