Describe how the actual application and system security evaluation process is done.
What will be an ideal response?
The actual application and system security evaluation process is usually done by a team that may be composed of everyone from developers and users through independent consultants. The conduct of the application and system security evaluation is based on a formally documented evaluation plan. Normally, the involved parties select and describe a valid set of test requirements and the applicable assurance cases. The evaluators must ensure that whatever test requirements, cases, and specifications they define truly reflect the conditions for the intended situation. The evaluator agent then conducts the tests from that defined set of requirements, cases, and specifications.
You might also like to view...
A ___________ entails any set of activities, methods, and practices used in the production and evolution of ICT.
Fill in the blank(s) with the appropriate word(s).
The ____ is located within the top margin of a document.
A. capper B. header C. base D. footer
Which Boolean operator is always implied between two search terms, unless otherwise specified?
A. OR B. NOT C. AND D. XOR
Data warehousing processes does not include
A. modeling data B. condensing data C. extracting data D. transforming data