PENETRATION TESTING and ISO 27001 COMPLIANCE

Published: 2022-10-17
Source: https://btuyum.com/en/sizma-testi-ve-iso-27001-uyumlulugu/ (category: ISO 27001)

Hello,

ISO/IEC 27001 is the most widely adopted information security management system (ISMS) standard in the world. Penetration testing, in turn, is one of the most fundamental and common practices for assessing the security of systems and applications.

There is noticeable ambiguity and confusion about how the two relate: whether a penetration test is required for ISO/IEC 27001 certification, what the scope of such a test should be, and what an "ISO/IEC 27001 compliant penetration test" is supposed to mean.

This post addresses the relationship between ISO/IEC 27001 and penetration testing in a question-and-answer format.

Under which clause of ISO/IEC 27001 is the penetration testing requirement discussed?

The control in ISO/IEC 27001 from which a penetration testing requirement is derived is A.12.6.1, "Management of technical vulnerabilities". Some practitioners argue that other controls also point to the topic, but it is sounder to discuss it under A.12.6.1, where the most direct reference is found. (The clause number refers to the 2013 edition of the standard; in ISO/IEC 27001:2022 the same control is numbered 8.8, "Management of technical vulnerabilities".)

What requirement does ISO/IEC 27001 state regarding penetration testing?

The exact text of the control is:

A.12.6.1 Management of technical vulnerabilities: Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.

This control requires an organization implementing ISO/IEC 27001 to identify its technical vulnerabilities. Seen from that angle, an exercise such as a penetration test is the first thing that comes to mind, but the term "penetration test" itself is not used.

ISO/IEC 27002, which contains implementation guidance for ISO/IEC 27001, can be consulted as an additional source. Its guidance for this control refers to activities that resemble vulnerability scanning.

Aren't "penetration test" and "vulnerability scan" the same thing?

No, they are different practices. A vulnerability scan consists of quick checks run with automated tools. After a scan, no work is done to exploit the findings or to assess their impact on other parts of the system.

A penetration test, in addition to the scan, includes validating the scan results, exploiting the confirmed vulnerabilities and using the access gained to analyze the systems further and find additional vulnerabilities, and examining vulnerabilities that stem from business logic.

[Figure: Penetration Test vs Vulnerability Scan, https://btuyum.com/wp-content/uploads/2022/10/Sizma-Testi-Zafiyet-Tarama-2.png]

So, is a penetration test mandatory for ISO/IEC 27001?

To state the conclusion up front: no, a penetration test is not mandatory for ISO/IEC 27001, because the standard never explicitly mentions one. ISO/IEC 27002, on the other hand, does mention vulnerability scanning more explicitly; but by the nature of the standards, the content of ISO/IEC 27002 is guidance that is recommended for certification, not a requirement.

Can we then say a penetration test is unnecessary for ISO/IEC 27001?

No. Although a penetration test is not a precondition for obtaining an ISO/IEC 27001 certificate, since the standard does not explicitly name it, treating penetration testing or vulnerability scanning as unnecessary is a mistake.

In practice, identifying and managing the technical vulnerabilities the standard refers to is only possible through penetration testing and vulnerability scanning. A penetration test is therefore strongly recommended within the scope of ISO/IEC 27001.

Can an auditor raise a finding if no penetration test has been performed?

It is unlikely that an auditor would raise a major nonconformity and withhold certification solely because no penetration test was performed. It is, however, quite common for the auditor to recommend a penetration test and to record a minor finding on the point.

Which of its assets should an organization have tested under ISO/IEC 27001?

Every asset recorded in the organization's asset inventory should be penetration tested. The organization's servers, network components, web applications and mobile applications are examples of such assets.

The criterion to apply is whether the asset is under the organization's responsibility. An application that the organization developed and handed over to a customer, for instance, no longer needs to be tested if responsibility for it has transferred to the customer.

Testing every asset leads to a very high cost. How can this be reduced?

Vulnerability scanning can help here. If the organization runs a vulnerability scan instead of a penetration test on its low-criticality assets, it obtains a baseline control at a lower cost.

In addition, for systems that users log in to with an account, excluding the post-login functionality from the test scope lowers the cost. Testing the post-login stages is worthwhile too, but as a first phase this is a reasonable way to budget for covering the anonymous (unauthenticated) part of the application. Treat this as a deferral rather than a permanent exclusion: the business-logic and authorization flaws that distinguish a penetration test from a scan mostly live behind the login.

Another practice that reduces the cost of a penetration test is close cooperation with the test team. Giving the testers direct access to the systems under test avoids time lost in reconnaissance and in gaining access, which in turn reduces cost.

What does "ISO/IEC 27001 compliant penetration test" mean?

ISO/IEC 27001 neither provides nor recommends any penetration testing methodology. The phrase "ISO 27001 compliant penetration test" is therefore not an accurate one.

For comparison, the following regulations, methodologies and guides are examples where the phrase does fit:

- PCI DSS compliant penetration test
- ISSAF compliant penetration test
- OWASP compliant penetration test
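The scoping rules above (test everything in the asset inventory that the organization is still responsible for, scan rather than pentest low-criticality assets, defer the authenticated surface to a second phase) and the A.12.6.1 requirement that vulnerability information be acted on "in a timely fashion" can be turned into a small, repeatable check. The following Python is an added example written for this page; it is not code from the original post or from any standard. The inventory fields, the criticality-to-action mapping, the remediation SLA days per severity and the sample data are all assumptions chosen for illustration.

```python
"""Assessment scoping and remediation-timeliness check for an ISO/IEC 27001
technical vulnerability management programme.

Added example, not from the original post. All policy values below
(criticality thresholds, SLA days) and all sample data are assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    kind: str            # e.g. "server", "network", "web", "mobile"
    criticality: str     # "low", "medium" or "high" (assumed scale)
    responsible: bool    # is the organisation still responsible for it?
    has_login: bool = False


@dataclass(frozen=True)
class Finding:
    asset: str
    severity: str        # "critical", "high", "medium" or "low"
    published: date      # date the vulnerability information became available
    fixed: Optional[date] = None


# Assumed policy: medium/high criticality assets get a penetration test,
# everything else gets a vulnerability scan as the baseline control.
PENTEST_CRITICALITY = {"medium", "high"}

# Assumed remediation SLA, in days from the date the vulnerability became known.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}


def plan_assessments(inventory: List[Asset],
                     unauth_only_first_phase: bool = True
                     ) -> List[Tuple[str, str, str]]:
    """Map every inventory entry to (asset name, action, note).

    Assets no longer under the organisation's responsibility are excluded;
    low-criticality assets are scanned; the rest are penetration tested.
    For tested assets with a login, phase 1 is unauthenticated and the
    authenticated test is recorded as a deferred phase 2, not dropped.
    """
    plan = []
    for a in inventory:
        if not a.responsible:
            plan.append((a.name, "exclude", "responsibility transferred"))
            continue
        action = "pentest" if a.criticality in PENTEST_CRITICALITY else "vuln_scan"
        note = ""
        if action == "pentest" and a.has_login and unauth_only_first_phase:
            note = "phase 1 unauthenticated; schedule authenticated test as phase 2"
        plan.append((a.name, action, note))
    return plan


def overdue_findings(findings: List[Finding], today: date
                     ) -> List[Tuple[str, str, int]]:
    """Return (asset, severity, days overdue) for open findings past their SLA."""
    out = []
    for f in findings:
        if f.fixed is not None:
            continue
        deadline = f.published + timedelta(days=SLA_DAYS[f.severity])
        if today > deadline:
            out.append((f.asset, f.severity, (today - deadline).days))
    return out


# Constructed sample data (not real assets or findings).
TODAY = date(2022, 10, 17)
SAMPLE_INVENTORY = [
    Asset("crm-web", "web", "high", True, has_login=True),
    Asset("public-site", "web", "medium", True),
    Asset("printer-vlan-switch", "network", "low", True),
    Asset("legacy-portal", "web", "high", False),   # handed over to a customer
]
SAMPLE_FINDINGS = [
    Finding("crm-web", "critical", date(2022, 10, 1)),
    Finding("public-site", "high", date(2022, 9, 25)),
    Finding("printer-vlan-switch", "medium", date(2022, 6, 1), fixed=date(2022, 8, 1)),
    Finding("public-site", "low", date(2022, 3, 1)),
]


if __name__ == "__main__":
    for name, action, note in plan_assessments(SAMPLE_INVENTORY):
        print(f"{name:22} {action:10} {note}")
    for asset, sev, days in overdue_findings(SAMPLE_FINDINGS, TODAY):
        print(f"OVERDUE {asset} ({sev}): {days} days past SLA")
```

The plan output is the kind of record an auditor asks for when checking A.12.6.1: which assets were in scope, why an asset was excluded, and which ones still have a deferred authenticated test. The overdue list documents whether vulnerability information was acted on within the organization's own SLA, which is the "timely fashion" part of the control.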