<h1>Penetration Testing Requirements in Legislation (Yasalarda Sızma Testi Gerekliliği)</h1>

<p>bilisimacademy.com blog, published 2024-05-16. Original: https://bilisimacademy.com/blog/2024/05/yasalarda-sizma-testi-gerekliligi/</p>

<p>In the National Cyber Security Strategy and Action Plan (2020-2023), a Penetration Test (Pentest) is defined as a test aimed at identifying ways to bypass the security measures of information systems or a network, penetrating the system and thereby identifying the priority system vulnerabilities and weaknesses; the TSE (Turkish Standards Institution) defines it as a method of evaluating computer and network security by means of an attack carried out from outside or from inside. The goal of penetration tests is to identify and remediate vulnerabilities and weaknesses before a cyber attack occurs. In this respect, penetration testing represents an important process within the information security framework.</p>

<p>The most fundamental asset an individual or an organization possesses is information itself. The basic security properties of information can be classified as confidentiality, integrity and availability. Because of the effect that today's technological progress has both on ensuring information security and on exploiting its weaknesses, individuals and organizations are under significant threat. With the advance of artificial intelligence technology as well, the exploitation of vulnerabilities and weaknesses may pave the way for serious information security breaches.</p>

<p>Security weakness scanning, vulnerability scanning and penetration testing, which encompasses all of these activities, performed regularly by competent persons and organizations, will make an important contribution to preventing potential threats through a proactive approach.</p>

<p>In this article we attempt to explain the penetration testing obligations found in legal documents and which institutions, companies and organizations are required to have penetration tests performed.</p>

<h2 class="wp-block-heading" id="Elektronik_Ticaret"><strong>Electronic Commerce</strong></h2>

<p>Intermediary service providers falling under the Regulation on Service Providers and Intermediary Service Providers in Electronic Commerce, and service providers operating in their own electronic commerce environment, that wish to obtain a trust stamp must, <strong>no more than three months before</strong> applying for the “<strong>trust stamp</strong>” and <strong>at least once in every calendar year</strong>, <strong>have a penetration test performed</strong> by a class A or class B penetration testing company approved by the Turkish Standards Institution, take the necessary measures, and have a verification test performed confirming that those measures have been taken. (Communiqué on the Trust Stamp in Electronic Commerce, Article 5)</p>

<p>(Source: <a href="https://www.mevzuat.gov.tr/mevzuat?MevzuatNo=23634&amp;MevzuatTur=9&amp;MevzuatTertip=5" target="_blank" rel="noopener">https://www.mevzuat.gov.tr/mevzuat?MevzuatNo=23634&amp;MevzuatTur=9&amp;MevzuatTertip=5</a>)</p>

<h2 class="wp-block-heading" id="Bankacilik_ve_Elektronik_Bankacilik_Hizmetleri"><strong>Banking and Electronic Banking Services</strong></h2>

<p>A bank has a <strong>penetration test performed at least once a year</strong> by independent teams that have no role in the design, development, implementation or operation of the services it offers through its information systems. [Regulation on Banks' Information Systems and Electronic Banking Services, Article 18, paragraph (7)]</p>

<p>(Source: <a href="https://www.resmigazete.gov.tr/eskiler/2020/03/20200315-10.htm" target="_blank" rel="noopener">https://www.resmigazete.gov.tr/eskiler/2020/03/20200315-10.htm</a>)</p>

<p>According to the Circular on Penetration Tests Relating to Information Systems dated 24 July 2012, penetration tests consist of basic penetration tests and the detailed penetration tests to be carried out after them. The tests performed within the scope of penetration testing cover at least the following areas:</p>

<ul class="wp-block-list">
<li>Communication Infrastructure and Active Devices</li>
<li>DNS Services</li>
<li>Domain and User Computers</li>
<li>E-mail Services</li>
<li>Database Systems</li>
<li>Web Applications</li>
<li>Mobile Applications</li>
<li>Wireless Network Systems</li>
<li>ATM Systems</li>
<li>Distributed Denial of Service Tests</li>
<li>Social Engineering Tests</li>
</ul>

<p>On 4 December 2013, the Communiqué on the Principles to be Followed in Information Systems Management at Information Exchange, Clearing and Settlement Institutions and on the Audit of Business Processes and Information Systems was published. The Risk Centre, information exchange, clearing and settlement institutions, organizations authorized to perform information systems audits, independent audit firms and external service providers are subject to the provisions of this communiqué. Under this communiqué, these organizations are required to have a <strong>penetration test performed at least once a year</strong>. [Communiqué Article 5, paragraph (5)]</p>

<p>The Communiqué on the Management and Audit of the Information Systems of Financial Leasing, Factoring and Financing Companies was published on 6 April 2019 and covers financial leasing, factoring and financing companies. The communiqué contains the provision: “The company takes the necessary measures against a cyber attack from outside and has a <strong>penetration test performed once every 2 years</strong>.”</p>

<p>The Communiqué on the Management and Audit of the Information Systems of Payment Institutions and Electronic Money Institutions was published on 27 June 2014 and covers legal entities authorized under the Law to provide and execute payment services, and legal entities authorized under the Law to issue electronic money. The organizations in scope are obliged to have a <strong>penetration test performed at least once a year</strong> by independent teams that have no role in the design, development, implementation or operation of the services they offer through their information systems.</p>

<h2 class="wp-block-heading" id="Enerji_Piyasasi_Duzenleme_Kurumu"><strong>Energy Market Regulatory Authority</strong></h2>

<p>The Energy Market Regulatory Board Decision No. 11956 dated 13/07/2023, published in Official Gazette No. 32250 dated 16 July 2023, established the Procedures and Principles for Security Analysis and Testing of Industrial Control Systems Used in the Energy Sector. Instead of the term penetration test, the term security analysis and tests is used.</p>

<p>Under this decision, organizations that are newly starting operations have security analysis and tests performed within eighteen months of commencing operations, and all organizations repeat the tests at least once every three years.</p>

<p>In the section on the competencies required of the company/organization and personnel that will perform the security analysis and tests (Article 13), the following criteria are set:</p>

<ul class="wp-block-list">
<li>holding at least one network security certificate obtained from an internationally recognized organization, such as CompTIA Security+, GSEC, CND (EC-Council), SSCP, CISSP, CNSS or similar;</li>
<li>holding at least two of CEH (EC-Council), OSCP, ICS/SCADA Cybersecurity (EC-Council), TSE Network and System Infrastructure Penetration Testing Specialist (at least at the Certified Penetration Testing Specialist level) and GPEN.</li>
</ul>

<h2 class="wp-block-heading" id="Kisisel_Verileri_Koruma"><strong>Personal Data Protection</strong></h2>

<p>According to the Personal Data Security Guide (Technical and Administrative Measures) (KVKK publication, ISBN 978-975-19-6834-0, January 2018, Ankara), security software messages, access control logs and other reporting tools must be checked regularly, action must be taken on alerts from these systems, vulnerability scans and <strong>penetration tests must be performed</strong> regularly to protect information systems against known vulnerabilities, and the security weaknesses they reveal must be evaluated on the basis of the test results.</p>

<p>The same guide also lists <strong>“penetration testing”</strong> among the technical measures that a data controller may take.</p>

<h2 class="wp-block-heading" id="Sermaye_Piyasa_Kurulu"><strong>Capital Markets Board</strong></h2>

<p>According to the Capital Markets Board's Communiqué on Information Systems Management (VII-128.9), the information systems of institutions, organizations and partnerships are <strong>subjected to a penetration test at least once a year</strong> by natural or legal persons who have no role in fulfilling information security requirements and who hold a national or international penetration testing certificate.</p>

<p>In addition, Annex 1 of the communiqué sets out the Procedures and Principles for Information Systems Penetration Tests. Under it, the tests performed within the scope of penetration testing must cover at least the following areas:</p>

<ul class="wp-block-list">
<li>Communication Infrastructure and Active Devices</li>
<li>DNS Services</li>
<li>Domain and User Computers</li>
<li>E-mail Services</li>
<li>Database Systems</li>
<li>Web Applications</li>
<li>Mobile Applications</li>
<li>Wireless Network Systems</li>
<li>Distributed Denial of Service Tests</li>
<li>Social Engineering Tests</li>
</ul>

<h2 class="wp-block-heading" id="Gelir_Idaresi_Baskanligi"><strong>Revenue Administration (GİB)</strong></h2>

<p>The e-Document Private Integrators Information Systems Audit Guide, published on 19 November 2019, covers Private Integrator organizations that have obtained or will obtain authorization from the GİB. Under this guide, the penetration test is performed so as to cover the assets defined in the guide and the information systems as a whole. <strong>Penetration tests are repeated at least once a year.</strong> The measures taken for any weaknesses identified in the penetration test are recorded by the private integrator in the form of an action plan tied to a schedule. The private integrator has penetration tests performed covering the following list:</p>

<ul class="wp-block-list">
<li>Network and Communication Infrastructure Tests</li>
<li>Operating System and Platform Tests</li>
<li>Application Tests</li>
<li>Database Tests</li>
<li>Web Application Tests</li>
<li>Mobile Application Tests</li>
</ul>

<h2 class="wp-block-heading" id="Ulastirma_ve_Altyapi_Bakanligi"><strong>Ministry of Transport and Infrastructure</strong></h2>

<p>On 21 June 2017, the Communiqué on the Procedures and Principles for Connecting to the KamuNet Network and Auditing the KamuNet Network was published. As stated in this communiqué, public institutions that are to be included in or are already part of KamuNet must <strong>carry out penetration tests on the systems</strong> to which KamuNet is connected and work to remediate the weaknesses identified.</p>

<p>(Source: https://www.resmigazete.gov.tr/eskiler/2017/06/20170621-15.htm)</p>

<h2 class="wp-block-heading" id="ISOIEC_27001"><strong>ISO/IEC 27001</strong></h2>

<p>In addition, organizations that are required to hold ISO/IEC 27001 certification must, under <em>A.12.6.1 Management of Technical Vulnerabilities</em> in the Annex A security controls of the standard, either have penetration tests performed regularly or, as that control requires, regularly identify technical vulnerabilities using their own resources.</p>

<p>Performing penetration tests regularly is of great importance for protecting organizations' sensitive information. Looking at the legislation, organizations in the energy and finance sectors in particular are emphasized as needing to be more attentive to this matter. Even where there is no legal obligation, having penetration tests performed is an important opportunity for organizations to identify their security weaknesses, take appropriate measures and make their systems more secure.</p>