The IT Law Wiki
Latest revision as of 18:07, 19 November 2021

Definitions

DMCA

Security testing means

accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.[1]

General

Security testing is

[a] process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification.[2]

[t]esting that attempts to verify that an implementation protects data and maintains functionality as intended.[3]

Overview

Such testing should be one component of an overall security program that also includes assigned security responsibilities, risk assessment, system requirements, planning, policies, and procedures. This testing includes hands-on functional testing, penetration testing, and verification.

References

  1. 17 U.S.C. §1201(j)(1)(A).
  2. Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
  3. NIST Special Publication 800-152, at 135.
