BDDK sızma testi nedir?

BDDK sızma testi, Bankacılık Düzenleme ve Denetleme Kurumu'nun bankalara ve finansal kuruluşlara yönelik zorunlu kıldığı periyodik güvenlik denetimidir. Bu testler, bankacılık sistemlerinin siber saldırılara karşı direncini ölçer ve regülasyon uyumunu belgeler.

EPDK sızma testi ne sıklıkla yapılır?

EPDK düzenlemelerine göre enerji sektöründeki kritik altyapı işletmecileri yılda en az bir kez sızma testi yaptırmakla yükümlüdür. OT/SCADA sistemlerini kapsayan testler özel metodoloji gerektirir.

SPK sızma testi kim için zorunludur?

SPK düzenlemeleri kapsamında aracı kurumlar, portföy yönetim şirketleri ve diğer sermaye piyasası kuruluşları düzenli sızma testi yaptırmakla yükümlüdür.

TSE 13638 sertifikalı firma olmanın avantajı nedir?

TSE 13638 standardı, sızma testi hizmeti sunan firmaların akredite edilmesi için Türkiye'de uygulanan ulusal standarttır. TSE 13638 sertifikalı firmalarla çalışmak, yasal yükümlülüklerin karşılanmasını ve denetim süreçlerinde belgesel güvence elde edilmesini sağlar.

Sızma testi fiyatı nasıl belirlenir?

Sızma testi fiyatı; testin kapsamına, hedef sistem sayısına, test süresine, regülasyon gereksinimlerine (BDDK, EPDK, SPK, TSE, PCI-DSS) ve raporlama derinliğine göre değişir. Netlore Security ücretsiz ön görüşme ile kurumunuza özel fiyatlandırma sunar.

Home / PCI-DSS / Phishing and User Awareness Simulation

PCI-DSS · Req 12.6.2

Phishing and User Awareness Simulation

PCI-DSS Requirement 12.6.2 compliant comprehensive phishing simulation program

Get a Quote All PCI-DSS Solutions

// 01 — Overview

Project Description

This project encompasses the implementation of a comprehensive phishing simulation program to increase employees' awareness against social engineering-based attacks and measure user behaviors.

PCI-DSS Requirement 12.6.2 mandates that organizations provide regular security awareness training to employees and raise awareness against social engineering risks. According to the requirement interpretation, it is not sufficient for employees to just receive training; testing behavior and measuring effectiveness are also considered requirements.

The program is designed to be implemented at least once a year with outputs including role-based awareness training, scenario-based phishing simulations for testing purposes, and management-level reporting of user responses.

// 02 — Methodology

Project Methodology

Systematic and measurable phishing simulation approach

Role-Based Awareness Training

Customized security awareness training is organized for different roles within the organization. Risk scenarios specific to each department's business processes are explained and employees are made aware of social engineering tactics.

Scenario-Based Phishing Simulations

Phishing emails mimicking real attack scenarios are sent. User reactions (clicking, data entry, reporting) are automatically recorded and analyzed.

Behavior Measurement and Analysis

Simulation results are analyzed in detail. Risky user groups are identified and behavioral change rates are measured.

Targeted Improvement Training

Users who fail the simulation are automatically assigned targeted training modules. Personalized learning paths are created.

Management Reporting

Regular reports are presented to organization management. Awareness levels, risk rates, and improvement trends are visualized at management level.

// 03 — Benefits

Project Benefits

Reducing the success rate of social engineering attacks

Measuring and reporting user awareness levels

Proactive identification of risky user groups

Gaining behavioral resistance against phishing attacks

Spreading security culture at organizational level

// 04 — Process

Project Process

Four main phases implemented within an annual cycle

Planning and Preparation

Organizational structure analysis, target audience determination and simulation scenario design

Simulation Campaigns

Conducting phishing campaigns at different difficulty levels

Analysis and Reporting

Detailed analysis of results and preparation of management reports

Improvement and Follow-up

Targeted training and strategy determination for the next cycle

// 05 — Other Solutions

Get a Quote for This Solution

Our expert team will contact you and provide a customized quote for your needs

Get a Quote

Offensive Services

Defensive Services

Training & Consultancy

Security & Compliance

Intelligence & Consulting

Products

Critical Infrastructure

Commercial Sectors

Phishing and User Awareness Simulation

Project Description

Project Methodology

Role-Based Awareness Training

Scenario-Based Phishing Simulations

Behavior Measurement and Analysis

Targeted Improvement Training

Management Reporting

Project Benefits

Project Process

Planning and Preparation

Simulation Campaigns

Analysis and Reporting

Improvement and Follow-up

Other PCI-DSS Solutions

Internal Network Vulnerability Scanning and Management

External Network Vulnerability Scanning (ASV)

Domain Impersonation and Brand Protection

External Attack Surface Monitoring

TLS and Certificate Compliance Monitoring

Get a Quote for This Solution

Cookie Usage