=> While VA-PT is not explicitly mentioned in Clause 8, it can be considered as part of the broader information security controls and risk assessment processes. VA-PT is implicitly covered under various sections like - Clause 6.1: Actions to address risks and opportunities Clause 8.1: Operational planning and control Annex A: Information security controls reference ISO 27002: => ISO 27002 provides more detailed guidance like - Control 5.36: Technical compliance review Control 8.8: Management of technical vulnerabilities Control 8.9: Configuration management Control 8.10: Information deletion Control 8.11: Data masking Control 8.12: Data leakage prevention => You can contact the author directly for further guidance udyphy@gmaildotcom
Eye-opener video...interesting!
Does VA-PT fall under clause 8?
=> While VA-PT is not explicitly mentioned in Clause 8, it can be considered as part of the broader information security controls and risk assessment processes.
VA-PT is implicitly covered under various sections like -
Clause 6.1: Actions to address risks and opportunities
Clause 8.1: Operational planning and control
Annex A: Information security controls reference ISO 27002:
=> ISO 27002 provides more detailed guidance like -
Control 5.36: Technical compliance review
Control 8.8: Management of technical vulnerabilities
Control 8.9: Configuration management
Control 8.10: Information deletion
Control 8.11: Data masking
Control 8.12: Data leakage prevention
=> You can contact the author directly for further guidance udyphy@gmaildotcom