Erwägungsgrund 13
The relevant entities should regularly carry out security tests based on a dedicated policy and procedures to verify whether the cybersecurity risk-management measures are implemented and function properly. Security tests may be performed on specific network and information systems or on the elevant entity as a whole and may include automated or manual tests, penetration tests, vulnerability scanning, static and dynamic application security tests, configuration tests or security audits. The relevant entities may conduct security tests on their network and information systems at set-up,
after infrastructure or application upgrades or modifications that they deem significant, or after maintenance. The findings of the security tests should inform the relevant entities’ policies and procedures the assessment of the effectiveness of their security measures, as well as independent reviews of their network and information security policies.
Navigieren Sie sicher durch die NIS2-Richtlinie!
Holen Sie sich den NIS2-Umsetzungs-Fahrplan und unseren Newsletter!