ETSI - EG 203 251
Methods for Testing & Specification; Risk-based Security Assessment and Testing Methodologies
Publication Date: 1 January 2016
The present document describes a set of methodologies that combine security risk assessment and security testing activities in a systematic manner. This includes both risk assessment aimed at improving security testing and test-based activities used to improve the security risk assessment. The methodologies are built upon a collection of consistently aligned activities with associated rules, methods and best practices. The activities are described in such a way that they provide guidance for the relevant actors in security testing and security risk assessment processes (i.e. actors in the role of a security tester, security test manager, and/or risk assessor). The activities and their level of specification are based on standards such as ISO 31000 [i.10], IEEE™ 829-2008 [i.6] and ISO 29119 [i.9], so that they apply to a large number of existing security testing and risk assessment processes.