The global skills and competency framework for the digital world

#54 Pen Testing - reflect how this has evolved as a component of acceptance testing change request accepted

Consider adding in as a component of Acceptance testing or adding acceptance testing into the description of Pen testing.

From Australian Public Sector SFIA Cyber Security and Digital Workshop Oct12:

  The purpose of Penetration Testing has evolved somewhat since it was first introduced.

  • Penetration Testing can be considered an aspect of acceptance testing of new infrastructure and/or services before being granted an Authority to Operate in a Production environment.

Proposed change applies to Penetration testing

Current status of this request: accepted

What we decided

Accepted into broader review of security skills for SFIA 8.

What we changed

PENT has been re-written to clarify positioning and difference from other related skills

Carol Long
Mar 08, 2021 04:59 PM

Also true of education sector in UK that all public facing systems should be PenTested as part of the contractual handover.