Читать книгу Web Penetration Testing - Radhi Shatob - Страница 7

Security Audits best practices can be found through the information security stranded and controls published by many organizations around the word, below a list of well-known information security organizations that published and keep updated information security best practices, controls, check lists and tools to help organizations accomplish best cyber defense.

Here is a list of some of these organization with links to their website to obtain security controls documents and tools as all these organization offer documents and tools for free except ISO which charge fee for their standard document.

Center of Internet Security CIS ( https://www.cisecurity.org/)

US National Institute of Standards and Technology (NIST) ( https://nvd.nist.gov/ncp/repository)

International Organization for Standardization (ISO/IEC 27000 Family – Information Security management systems) https://www.iso.org/isoiec-27001-information-security.html

 PCI Security Standard Council which published Payment Card Industry Data Security Standards (PCI DSS) https://www.pcisecuritystandards.org/