18Nis
How often should one order a pentest?
I am trying to find explicit recommendations on the frequency of penetration testing, if possible in an industrial environment.
I looked in ISO/IEC 27001, NIST SP 800-115 but could not find any information on this except that "It depends".
While I totally understand and somewhat agree with this statement, especially since every environment is very different and I did not specify a type of audit (ie. External pentest, Internal AD pentest, Applicative pentest, Physical intrusion, Social engineering campaigns, password cracking audit etc.), I would still like to know if such information exists or not.
