An official website of the United States government
Here’s how you know
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Guide to Information Security Testing and Assessment
Published
Author(s)
Shirley M. Radack
Abstract
This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Murugiah Souppaya of NIST, and by Amanda Cody and Angela Orebaugh of Booz Allen Hamilton. The new guide discusses the basic technical aspects of conducting information security assessments, and presents technical testing and examination methods that an organization might use as part of an assessment. The bulletin summarizes the information in the guide to help organizations apply the technical testing and examination methods, and covers methodologies and techniques for information security assessments, phases for planning, conducting and evaluating assessments, techniques for testing and assessment, and organizational approaches to testing. The bulletin also includes NIST s recommendations to organizations for planning and implementing information security assessment activities.
Assessment methodology, information security, information technology, network security, risk management, security assessment, security controls, security testing, system security, system vulnerabilities, threats to systems
Radack, S.
(2008),
Guide to Information Security Testing and Assessment, ITL Bulletin, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=901210
(Accessed December 12, 2024)