What will you review and assess in the User Domain as part of this security assessment?
Security Assessment and Testing—Introduction
The goal of security assessment and testing is early identification of technical, operational, and system deficiencies so that appropriate and timely corrective actions can be applied before using the system in the production environment. Creating a test and evaluation strategy involves:
Planning for technology development and risk
Evaluating the system design against project requirements
Identifying where competitive prototyping and other evaluation techniques fit in the process
Let us discuss assessment and test strategies in the next section.
Assessment and Test Strategies
A well-planned and well-executed assessment and test strategy can provide valuable information about risk and risk mitigation.
A security practitioner:
Must develop assessment and test strategies supporting development and acquisition programs
Can recommend test and evaluation techniques to help in evaluating and managing risks
Can formulate plans and procedures to be used by the testing team
The assessment and test strategy is generally executed by a working group known as the Integrated Product Team (IPT), which consists of subject matter experts, customer user representatives, and other stakeholders. The strategy should be updated as and when required.