Tuesday, 04 November 2008

NIST: Technical Guide to Information Security Testing and Assessment

NIST have released their Technical Guide to Information Security Testing and Assessment (SP 800-115). The document outlines at a high level what an assessment program should contain and the various facets thereof. It is extremely important for every assessment to include the classic PowerPoint extension of any solution: People, Process and Technology (PPT).

The guide is not technical (for techies) but does present a good overview of what a Security Assessment program within an organisation should contain, its general approach and what skills are required of the people within the team. Don't expect job descriptions or a list of applications that they must be proficient in...

A good read if you are setting up an Assessment unit within your organisation or if you want to put in place some structure around your existing Security Assessment programme. I will definitely be using it to put a bit of structure into my team's assessment process, particularly around the business engagement, planning and the policy environment.