This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Murugiah Souppaya of NIST, and by Amanda Cody and Angela Orebaugh of Booz Allen Hamilton. The new guide discusses the basic technical aspects of conducting information security assessments, and presents technical testing and examination methods that an organization might use as part of an assessment. The bulletin summarizes the information in the guide to help organizations apply the technical testing and examination methods, and covers methodologies and techniques for information security assessments, phases for planning, conducting and evaluating assessments, techniques for testing and assessment, and organizational approaches to testing. The bulletin also includes NIST s recommendations to organizations for planning and implementing information security assessment activities.
This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Murugiah Souppaya of NIST, and by...
See full abstract
This bulletin summarizes information disseminated in NIST Special Publication (SP) 800-115, Technical Guide to Information Security Testing and Assessment: Recommendations of the National Institute of Standards and Technology, which was written by Karen Scarfone and Murugiah Souppaya of NIST, and by Amanda Cody and Angela Orebaugh of Booz Allen Hamilton. The new guide discusses the basic technical aspects of conducting information security assessments, and presents technical testing and examination methods that an organization might use as part of an assessment. The bulletin summarizes the information in the guide to help organizations apply the technical testing and examination methods, and covers methodologies and techniques for information security assessments, phases for planning, conducting and evaluating assessments, techniques for testing and assessment, and organizational approaches to testing. The bulletin also includes NIST s recommendations to organizations for planning and implementing information security assessment activities.
Hide full abstract
Keywords
assessment methodology; information security; information technology; network security; risk management; security assessment; security controls; security testing; system security; system vulnerabilities; threats to systems
