Latest revision as of 18:07, 19 November 2021
Definitions
DMCA
Security testing means
“accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting, a security flaw or vulnerability, with the authorization of the owner or operator of such computer, computer system, or computer network.”[1]
General
Security testing is
“[a] process used to determine that the security features of a system are implemented as designed. This includes hands-on functional testing, penetration testing, and verification.”[2]
“[t]esting that attempts to verify that an implementation protects data and maintains functionality as intended.”[3]
Overview
Such testing should be one component of an overall security program that also includes assigned security responsibilities, risk assessment, system requirements, planning, policies, and procedures. This testing includes hands-on functional testing, penetration testing, and verification.
References
1. 17 U.S.C. §1201(j)(1)(A).
2. Department of Defense, National Computer Security Center, Glossary of Computer Security Terms (NCSC-TG-004, Ver. 1) (Oct. 21, 1988).
3. NIST Special Publication 800-152, at 135.
See also
- Active security testing
- Covert security testing
- External security testing
- Internal security testing
- NIST Special Publication 800-115 (Technical Guide to Information Security Testing and Assessment)
- Overt security testing
- Security test and evaluation
- Voting system security testing