BRSA (Banking Regulation and Supervision Agency) is an autonomous public institution that regulates and supervises the activities of banks, financial institutions and companies. Nearly 200 institutions and organizations, such as domestic banks, foreign bank representatives, financing companies and card organizations, are subject to BRSA audit.
With ISO 27001 certification;
Since the most critical security attacks focus on the banking and finance sector, it has become mandatory for the banking and finance sector to have a BRSA-compliant penetration test performed by the BRSA. With the desired penetration test scope, institutions;
is examined and the report generated is audited by BRSA.
An Information Security Management System (ISMS) was established under the BRSA Data and System Management Department. It is inspected and certified by independently audited organizations for compliance with the ISO/IEC 27001:2013 standard.
BRSA Compliant Penetration Testing differs from other penetration tests not in the test stages, methods and tools used, but in the test scope and in the obligations of both the institutions performing the test and the institutions that have it performed. For this reason, the methods and tools mentioned in our other "Penetration Testing" articles on our site are examples of the methods and tools used in BRSA Compliant Penetration Tests.
As stated in the same communiqué, the minimum penetration test scope is:
- Communication Infrastructure and Active Devices
- DNS Services
- Domain and User Computers
- E-mail Services
- Database Systems
- Web Applications
- Mobile Applications
- Wireless Network Systems
- ATM Systems
- Distributed Denial of Service Tests
- Code Analysis
- Social Engineering
- Internal Penetration Test (Intranet Security Checkup)
The banking and finance sector has become the target of the biggest cyber attacks both in our country and around the world. In accordance with subparagraph (ç) of the third paragraph of the Banking Regulation and Supervision Agency's "Communiqué on the Principles to be Based on the Management of Information Systems in Banks", dated 24.07.2012 and numbered B.02.1.BDK.0.77.00.00/010.06.02-1, banks in our country are obliged to have a penetration test performed by independent teams once a year.
Established in 2017 to provide consultancy, service and support services on information security, Infinitum IT carries out studies within the framework of cyber incident response services, secure code development/analysis, penetration tests, and blue/red teamwork.
Esentepe Mah. Buyukdere Cad. LOFT PLAZA Floor:4 Flat:86 Levent/Istanbul
Copyright © 2023 InfinitumIT– All Rights Reserved.