Auto-sync: update nexus workspace

wiki/concepts/Third Party Penetration Testing.md

@@ -0,0 +1,37 @@
+---
+title: "Third-Party Penetration Testing"
+type: concept
+tags:
+  - Security
+  - Testing
+  - Penetration-Testing
+  - Red-Team
+last_updated: 2026-04-14
+---
+
+# Third-Party Penetration Testing
+
+## Definition
+由独立第三方安全机构执行的渗透测试和红队演练，用于客观评估组织的安全态势，发现内部视角可能忽略的漏洞。
+
+## Components
+- **年度第三方测试**：由独立机构执行年度安全评估
+- **桌面演练（Tabletop Exercises）**：模拟安全事件和违规场景，测试响应流程
+- **红队演练（Red Team Exercises）**：在事先不知情的情况下评估组织安全
+- **高级威胁评估（Advanced Threat Assessments）**
+- **内部/第三方渗透测试**：定期进行，发现技术漏洞
+- **客户审计（Customer Audits）**：有时会引发补救活动
+
+## Key Metrics
+- 桌面演练：测试事件和违规准备就绪程度
+- 红队演练：在无预警情况下测试组织安全
+- OpenText 持续在第三方测试中处于"顶级梯队"
+
+## Key Quote
+> "OpenText conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier." — GIS Team
+
+## Connections
+- [[ISO-27001]]：框架要求
+- [[Global Information Security Policy (GISP)]]：政策支撑
+- [[Threat-Intelligence]]：结合使用
+- [[OpenText]]：实施组织