Definition Edit

An information security assessment is

the process of determining how effectively an entity being assessed (e.g., host, system, network, procedure, person mdash; known as the assessment object) meets specific security objectives.[1]

Overview Edit

Three types of assessment methods can be used to accomplish this:

  • Testing is the process of exercising one or more assessment objects under specified conditions to compare actual and expected behaviors.
  • Examination is the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence.
  • Interviewing is the process of conducting discussions with individuals or groups within an organization to facilitate understanding, achieve clarification, or identify the location of evidence.

Assessment results are used to support the determination of security control effectiveness over time.[2]

References Edit

  1. NIST Special Publication 800-115, at ES-1.
  2. Id.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.