The present document describes a set of methodologies that combine security risk assessment and security testing activities in a systematic manner. This includes both risk assessment aimed to improve security testing and test based activities used to improve the security risk assessment. The methodologies are built upon a collection of consistently aligned activities with associated rules@ methods and best practices. The activities are described in such a way that they provide guidance for the relevant actors in security testing and security risk assessment processes (i.e. actors in the role of a security tester@ security test manager@ and/or risk assessor). The activities and their level of specification are based on standards like ISO 31000 [i.10]@ IEEE? 829-2008 [i.6] and ISO 29119 [i.9] so that they apply for a larger number of security testing and risk assessment processes on hand.
EG 203 251-2015 history
2016EG 203 251-2016 Methods for Testing & Specification; Risk-based Security Assessment and Testing Methodologies (V1.1.1)
2015EG 203 251-2015 Methods for Testing & Specification; Risk-based Security Assessment and Testing Methodologies (V1.1.1)