Usage " Security is a protection system that is needed for both securing the confidential information and for competitive purposes to assure third parties that their data will be protected.

" Amount of security provided depends upon risks associated with compromise or loss of information.

" Protecting the confidentiality of the information is designed to protect the resources of the organization.

" Used to check the adequacy of protective procedures and countermeasures..

Objectives " To identify the defects which are very difficult to identify.

" The failures in security system operation may not be detected , resulting in a loss or compromise of information without the knowledge of that loss.

" To determine that adequate attention is paid to identify security risks.

" Determine realistic definition and enforcement of access to the system has been implemented.

" To determine that sufficient expertise exists to perform adequate security testing.

" Conducting reasonable tests to ensure that the implemented security measures function properly.

How to Use " Involves a wide spectrum of conditions.

" Testing divided into physical and logical security.

" Physical security - deals with penetration by people in order to physically gather information.

" Logical Security - deals with use of computer operations / communications capabilities to improperly access information.

When to use " Security testing should be used when the information and/or assets protected by the application system are of significant value to the organization.

" Should be conducted before system goes to operational status.

" Extent of testing should depend upon the security risk.

Examples " Access denied " Procedures in place