An info. security assessment (ISA) is the process of determining how effectively an entity being assessed (e.g., host, system, network, procedure, person) meets specific security objectives. This is a guide to the basic tech. aspects of conducting ISA. It presents tech. testing and examination methods and techniques that an org. might use as part of an ISA, and offers insights to assessors on their execution and the potential impact they may have on systems and networks. For an ISA to be successful, elements beyond the execution of testing and examination must support the tech. process. Suggestions for these activities Ai including a robust planning process, root cause analysis, and tailored reporting Ai are also presented in this guide. Illus.Appendix EaResources This appendix lists a wide range of additional resources for use with technical security testing and examination. Table E-1 contains a list of NIST documents that complement this guide, and Table E-2 provides a list of online resources that ... National Security Agency (NSA) Information Assessment Methodology (IAM) http://www.nsa.gov/ia/industry/education/iam.cfm?
|Title||:||Technical Guide to Information Security Testing and Assessment|
|Publisher||:||DIANE Publishing - 2009-05-01|