SP 800-115. Technical Guide to Information Security Testing and Assessment

Authors:
Karen A. Scarfone;Murugiah P. Souppaya;Amanda Cody;Angela D. Orebaugh
Affiliations:
National Institute of Standards and Technology;National Institute of Standards and Technology;Booz Allen Hamilton;Booz Allen Hamilton
Venue:
SP 800-115. Technical Guide to Information Security Testing and Assessment
Year:
2008

Citing 0
Cited 2

Collaborative red teaming for anonymity system evaluation

CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test
A systematic review on security in Process-Aware Information Systems - Constitution, challenges, and future directions

Information and Software Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

The purpose of this document is to assist organizations in planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies. The guide provides practical recommendations for designing, implementing, and maintaining technical information security test and examination processes and procedures. These can be used for several purposes, such as finding vulnerabilities in a system or network and verifying compliance with a policy or other requirements. The guide is not intended to present a comprehensive information security testing and examination program but rather an overview of key elements of technical security testing and examination, with an emphasis on specific technical techniques, the benefits and limitations of each, and recommendations for their use.