Question

What will you review and assess in the User Domain as part of this security assessment?

Answer 1

Security Assessment and Testing—Introduction

The goal of security assessment and testing is early identification of technical, operational, and system deficiencies so that appropriate and timely corrective actions can be applied before using the system in the production environment. Creating a test and evaluation strategy involves:

• Planning for technology development and risk

• Evaluating the system design against project requirements

• Identifying where competitive prototyping and other evaluation techniques fit in the process

Let us discuss assessment and test strategies in the next section.

Assessment and Test Strategies

A well-planned and well-executed assessment and test strategy can provide valuable information about risk and risk mitigation.

A security practitioner:

• Must develop assessment and test strategies supporting development and acquisition programs

• Can recommend test and evaluation techniques to help in evaluating and managing risks

• Can formulate plans and procedures to be used by the testing team

The assessment and test strategy is generally executed by a working group known as the Integrated Product Team or IPT consisting of subject matter experts, customer user representatives, and other stakeholders. The strategy should be updated as and when required.