Join the Webinar | Strong Protection Against Cyber Threats

Services
Services
- Services
  Consultancy
  Managed Security
  Risk and Threat Analysis
  
  Forensic Informatics
  Forensic IT services are professional services for the collection, analysis and presentation of digital evidence.
  
  Penetration Tests
  Penetration testing is a testing process with controlled attacks to detect vulnerabilities in your systems.
  
  MDR+ Service
  MDR is a service that manages the detection, analysis and response processes of advanced cyber attacks.
  
  SOC Service
  SOC (Security Operations Center) is a central unit that monitors, analyzes and manages security events.
  
  CIR Service
  CIR Service is a professional service offered to detect, analyze, and respond to cyber attacks that occur in an organization.
  
  SIEM Correlation & Log Management Service
  Improve your data logging, troubleshooting and combating security threats by predicting potential threats!
  
  Cyber Risk Analysis and Threat Detection Service
  Cyber Risk Analysis and Threat Detection Service is a service provided to detect potential risks and threats by evaluating digital assets.
  
  Purple Teaming Service
  Purple Teaming Service is a service that enhances the security experience by collaborating with attack and defense teams.
  
  Red Teaming Service
  Red Teaming Service is a service that simulates cyber attacks in order to test and improve an organization's security measures.
  
  Ransomware Attack and Risk Analysis Service
  Our expert team and advanced technology protect your business from the harmful effects of ransomware attacks.
Products
- ThreatBlade
Resources
- Blog
- Reports
Events
- Webinars
Company
Free MDR HealthCheck
Türkçe

Answers

We Develop Information Security Processes

Have a question?

Call Now +0850 800 1483

BRSA Compliant Penetration Test

BRSA (Banking Regulation and Supervision Agency); It is an autonomous public institution that regulates and supervises the activities of banks, financial institutions and companies. Nearly 200 institutions and organizations such as domestic banks, foreign bank representatives, financing companies and card organizations are subject to BRSA audit.

With ISO 27001 certification;

Information is protected against unauthorized access,
Confidentiality of information is ensured,
Information will not be shared with unauthorized persons,
The integrity of the information is ensured and authorized users can access the information when needed,
It is ensured that employees are provided with information security training and that all information security vulnerabilities and suspected weak points are reported to responsible persons.

BRSA Compliant Pentest Scope

Since the most critical security attacks focus on the banking and finance sector, it has become mandatory for the banking and finance sector to have a BRSA-compliant penetration test performed by the BRSA. With the desired penetration test scope, institutions;

Wireless Network Systems
Code Analysis
ATM Systems
Internal Penetration Test
Database Systems
Social Engineering
Mobile Applications

Communication Infrastructure and Active Devices
Domain and User Computers
Distributed Disconnection Tests
DNS Service
Web Applications
Email Services

is examined and the report generated is audited by BRSA.

What is ISO 27001 Information Security Management System?

Information Security Management System (ISMS) was established under BRSA, Data and System Management Department. It is inspected and certified by independently audited organizations for compliance with ISO/IEC 27001:2013 standards.

Frequently Asked Questions About BRSA Compliant Penetration Testing

What are the Methods and Tools Used in BRSA Compliant Penetration Testing?

The difference of BRSA Compliant Penetration Testing from other penetration tests in terms of test stages, methods and tools used is the test scope and the obligations of both the institutions performing the test and the institutions that have it performed. For this reason, the methods and tools mentioned in our other "Penetration Testing" articles on our site are examples of the methods and tools used in BRSA Compliant Penetration Tests.

What Should Be the Scope of BRSA Compliant Penetration Testing?

As stated in the same communiqué, Minimum Penetration Test scope: Communication Infrastructure and Active Devices DNS Services Domain and User Computers E-mail Services Database Systems Web Applications Mobile Applications Wireless Network Systems ATM Systems Distributed Denial of Service Tests Code Analysis Social Engineering Internal Penetration Test (Intranet) Security Checkup)

Why Should I Have a BRSA Compliant Penetration Test?

The banking and finance sector has become the target of the biggest cyber attacks both in our country and around the world. Banks in our country are independent in accordance with subparagraph (ç) of the third paragraph of the Communiqué of the Banking Regulation and Supervision Agency dated 24.07.2012 and numbered B.02.1.BDK.0.77.00.00/010.06.02-1 “Communiqué on the Principles to be Based on the Management of Information Systems in Banks”. The teams are obliged to have a penetration test performed once a year.