38 lines
1.4 KiB
Markdown
38 lines
1.4 KiB
Markdown
---
|
||
title: "Third-Party Penetration Testing"
|
||
type: concept
|
||
tags:
|
||
- Security
|
||
- Testing
|
||
- Penetration-Testing
|
||
- Red-Team
|
||
last_updated: 2026-04-14
|
||
---
|
||
|
||
# Third-Party Penetration Testing
|
||
|
||
## Definition
|
||
由独立第三方安全机构执行的渗透测试和红队演练,用于客观评估组织的安全态势,发现内部视角可能忽略的漏洞。
|
||
|
||
## Components
|
||
- **年度第三方测试**:由独立机构执行年度安全评估
|
||
- **桌面演练(Tabletop Exercises)**:模拟安全事件和违规场景,测试响应流程
|
||
- **红队演练(Red Team Exercises)**:在事先不知情的情况下评估组织安全
|
||
- **高级威胁评估(Advanced Threat Assessments)**
|
||
- **内部/第三方渗透测试**:定期进行,发现技术漏洞
|
||
- **客户审计(Customer Audits)**:有时会引发补救活动
|
||
|
||
## Key Metrics
|
||
- 桌面演练:测试事件和违规准备就绪程度
|
||
- 红队演练:在无预警情况下测试组织安全
|
||
- OpenText 持续在第三方测试中处于"顶级梯队"
|
||
|
||
## Key Quote
|
||
> "OpenText conducts annual third-party tests, including tabletop exercises for incident and breach readiness, consistently scoring in the top tier." — GIS Team
|
||
|
||
## Connections
|
||
- [[ISO-27001]]:框架要求
|
||
- [[Global Information Security Policy (GISP)]]:政策支撑
|
||
- [[Threat-Intelligence]]:结合使用
|
||
- [[OpenText]]:实施组织
|