⟩ Explain Security Testing?
Usage:
- Security is a protection system needed both to secure confidential information and, for competitive purposes, to assure third parties that their data will be protected.
- The amount of security provided depends on the risks associated with compromise or loss of information.
- Protecting the confidentiality of information is intended to protect the resources of the organization.
- Used to check the adequacy of protective procedures and countermeasures.
Objectives:
- To identify defects that are very difficult to detect.
- Failures in security system operation may not be detected, resulting in a loss or compromise of information without knowledge of that loss.
- To determine that adequate attention is paid to identifying security risks.
- To determine that a realistic definition and enforcement of access to the system has been implemented.
- To determine that sufficient expertise exists to perform adequate security testing.
- To conduct reasonable tests to ensure that the implemented security measures function properly.
How to use:
- Involves a wide spectrum of conditions.
- Testing is divided into physical and logical security.
- Physical security: deals with penetration by people in order to physically gather information.
- Logical security: deals with the use of computer operations/communications capabilities to improperly access information.
When to use:
- Security testing should be used when the information and/or assets protected by the application system are of significant value to the organization.
- It should be conducted before the system goes to operational status.
- The extent of testing should depend on the security risk.
Examples:
- Access denied
- Procedures in place