Standard

ETSI EG 203 251

Not set

Corrigenda and amendments are bought separately.

Language
Services

Abstract

The present document describes a set of methodologies that combine security risk assessment and security testing activities in a systematic manner. This includes both risk assessment aimed to improve security testing and test based activities used to improve the security risk assessment. The methodologies are built upon a collection of consistently aligned activities with associated rules, methods and best practices. The activities are described in such a way that they provide guidance for the relevant actors in security testing and security risk assessment processes (i.e. actors in the role of a security tester, security test manager, and/or risk assessor). The activities and their level of specification are based on standards like ISO 31000 [i.10], IEEE™ 829-2008 [i.6] and ISO 29119 [i.9] so that they apply for a larger number of security testing and risk assessment processes on hand.

Document information

  • Standard from ETSI_AC
  • Published:
  • Version: 0
  • Document type: IS
  • Additional information
  • V1.1.1