Security testing Strategy and Plan Flashcards

1
Q

ISO/IEC 25010:2011

A

Systems and Software Engineering - Systems and Software Quality Requirements and Evaluation (SQuaRE) - System and Software Quality Models.
Deals with system functionality, reliability, usability, efficiency, maintainability, and portability.
Contains information applicable to security requirements.

2
Q

SSE-CMM, also known as ISO/IEC 21827:2008

A

Standard for evaluating security engineering capabilities in an organization.
Covers the secure system lifecycle, which includes concept definition, requirements analysis, design, development, integration, installation, operations, maintenance, and decommissioning.
Organized into 11 processes; maturity level is a standard CMM metric.

3
Q

OSSTMM

A

The Open Source Security Testing Methodology Manual is a peer-reviewed system describing security testing.
It includes five security testing sections: data networks, telecommunications, wireless, physical, and human (social engineering controls, user awareness).
It can also be used to assist in auditing, as it highlights what is important to verify regarding functional operational security.
