Chapter 25. Security Assessments, Testing, and Evaluation
IN THIS CHAPTER
Understanding the Systems Security Engineering Capability Maturity Model
Discussing other assessment methodologies
Understanding certification and accreditation
Exploring penetration testing
Reviewing audit and monitoring procedures
Assurance is defined as the measure of confidence that the security features and architecture of an information system accurately mediate and enforce an organization's information system security policy. A number of different approaches and methodologies have been developed to evaluate assurance. These techniques range from formal methods to probing and testing a network for vulnerabilities. This chapter addresses the most prominent approaches for assurance evaluation and testing developed by government and private organizations.
Information Assurance Approaches and Methodologies
An effective means to assess information system assurance is to determine if an organization has the appropriate technical, administrative, and organizational processes in place to enforce the organization's security policy. This section explores some methodologies that employ the process approach and derivatives thereof. Remember that the entire process is driven by understanding, managing, controlling, and mitigating risk to an organization's critical information.
The Systems Security Engineering Capability Maturity Model
The Systems Security Engineering Capability Maturity Model (SSE-CMM) is based on the principle ...