A Security Testing Methodology that Fits Every IT Budget

by on Oct 24, 2010


There are many different methodologies for implementing and testing security controls in an IT system to ensure that it is operating under an “acceptable level of risk.” Many of these methodologies require the use of software to aid in this measurement. While the execution of technical tools is important, it can sometimes place a financial burden on an organization (especially a small business) that may not have the resources to purchase the software or hire trained personnel to run the tools and conduct an analysis of the results.

This presentation provides an overview of a security testing methodology developed by the Federal Government through the Department of Commerce’s National Institute of Standards and Technology (NIST) Computer Security Division that is available for use by the security community at no cost. The NIST methodology allows an organization to test its security posture by analyzing controls that are listed in 18 different security categories.

Attendees will:

1. Be presented with a comprehensive security testing approach that limits the need for using automated tools

2. Take away an understanding of National Institute of Standards and Technology (NIST) security controls and learn how to apply them to their information systems

3. Be shown techniques for documenting testing results

4. Be apprised of best practices for conducting security testing of information systems

Tom Hasman, Senior Information Security Analyst, SRA International


Tom is a Senior Information Security Analyst on the Information Assurance team for SRA International. Tom specializes in Security Tests & Evaluations in support of the government’s Certification & Accreditation process.

He performs risk assessments and makes recommendations to clients for prioritizing and mitigating vulnerabilities. Tom also develops security policies and procedures for government clients.

Upload Details

Uploaded via SlideShare as Adobe PDF

Usage Rights

© All Rights Reserved
