Companies are increasingly being confronted with cybersecurity threats, such as ransomware attacks and data leaks. The demand for reliable pen tests is therefore growing. During a pen test (an abbreviation of ‘penetration test’), investigators take on the guise of a malicious hacker. They try to find vulnerabilities in all kinds of ways, using the same methods as cyber criminals or cyber spies. In doing so, they expose the weak spots of a website, application or an entire IT infrastructure. After the pen test, vulnerabilities can be eliminated through targeted action. In collaboration with a large number of parties, including the Online Trust Coalition, the Centre for Crime Prevention and Security (CCV) has developed a quality label for pen tests.
Why a quality label?
Companies and organisations are exposed to huge risks if the security of their systems isn’t good enough. Independent scrutiny of the quality of pen testing services is an important step in the fight against cyber criminals. Director of Cyberveilig Nederland (the largest interest group for cybersecurity service providers in the Netherlands) Petra Oldengarm is pleased with the new quality label: “The cybersecurity sector in the Netherlands is rapidly evolving. New companies and initiatives are being established almost daily, without any checks on quality. Given the digital vulnerability of Dutch companies, this isn’t a desirable situation. Thanks to this quality label, customers can be certain of the quality of pen tests.”
Publication of certification scheme
The Certification scheme for pen testing was published today. The scheme is based on NEN-EN-ISO/IEC 17065. In the period ahead, the first certification institutions will be able to enter into a contract with the CCV. In the summer, the first pen testing provider is expected to be awarded the pen testing certification. Oldengarm: “As an interest group for the cybersecurity sector, quality is our top priority. Therefore, we’re extremely pleased that the certification scheme for pen testing will soon be up and running. We intend to continue along this path and look forward to the development of quality labels for other types of cybersecurity services.”
For further information about pen testing, certification, contracts and the role of the CCV, please see the CCV’s Frequently Asked Questions page, specific to pen testing certification (Dutch language only).
Stakeholder Panel
The quality label was developed in close collaboration with a Stakeholder Panel Cybersecurity. This panel consists of the following parties: VNO-NCW (Confederation of Netherlands Industry and Employers) / Royal Association MKB (SME) Nederland, CIO Platform, the Dutch Association of Insurers, the Police, Cyberveilig Nederland, NLdigital, the Digital Trust Center and the Online Trust Coalition.