Technical Guide to Information Security Testing and Assessment

Written By
ITBE Staff
Nov 4, 2009

This guide explains the basic technical aspects of conducting information security assessments, from technical testing and examination methods and techniques to insights on the potential impact they may have on systems and networks.


An information security assessment is the process of determining how effectively an
entity being assessed (e.g., host, system, network, procedure, person — known as
the assessment object) meets specific security objectives. Three types of assessment
methods can be used to accomplish this — testing, examination, and interviewing.
Testing is the process of exercising one or more assessment objects under specified
conditions to compare actual and expected behaviors. Examination is the process of
checking, inspecting, reviewing, observing, studying, or analyzing one or more
assessment objects to facilitate understanding, achieve clarification, or obtain
evidence. Interviewing is the process of conducting discussions with individuals or
groups within an organization to facilitate understanding, achieve clarification, or
identify the location of evidence. Assessment results are used to support the
determination of security control effectiveness over time.

This document, provided by the National Institute of Standards and Technology, is a
guide to the basic technical aspects of conducting information security assessments. It
presents technical testing and examination methods and techniques that an organization
might use as part of an assessment, and offers insights to assessors on their execution
and the potential impact they may have on systems and networks. For an assessment to be
successful and have a positive impact on the security posture of a system (and
ultimately the entire organization), elements beyond the execution of testing and
examination must support the technical process. Suggestions for these activities
— including a robust planning process, root cause analysis, and tailored
reporting — are also presented in this guide.

The attached Zip file includes:

  • Intro Page.doc
  • Cover Sheet and Terms.pdf
  • Technical Guide to Information Security Testing and Assessment.pdf
