Fandom

The IT Law Wiki

Covert security testing

32,169pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definition Edit

Covert security testing (also known as black hat testing)

takes an adversarial approach by performing testing without the knowledge of the organization’s IT staff but with the full knowledge and permission of upper management. This type of test is useful for testing technical security controls, IT staff response to perceived security incidents, and staff knowledge and implementation of the organization’s security policy. Covert testing may be conducted with or without warning.[1]

Overview Edit

The purpose of covert testing is to examine the damage or impact an adversary can cause — it does not focus on identifying vulnerabilities. This type of testing does not test every security control, identify each vulnerability, or assess all systems within an organization. Covert testing examines the organization from an adversarial perspective, and normally identifies and exploits the most rudimentary vulnerabilities to gain network access.[2]

References Edit

  1. NIST Special Publication 800-115, at 2-5.
  2. Id. at 2-5 and 2-6.

Also on Fandom

Random Wiki