
Powerpoint document

HHS Cybersecurity Program Training Information Security for Information Technology (IT) Administrato... - page 99 / 158


U.S. Department of Health and Human Services

Between security authorization cycles, an IT Administrator may periodically test security controls using two types of testing: vulnerability scanning and penetration testing.

Vulnerability scanning is an automated process to identify vulnerabilities of computing systems in a network to determine if and where a system can be exploited and/or threatened. It seeks out security flaws based on a database of known flaws, tests systems for the occurrence of these flaws, and generates a report of the findings.
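The database-match-report loop described above, as an added example that is not part of the HHS training material. It models only one kind of check (comparing installed versions against the first fixed version), and every flaw ID, product name, host and version in it is constructed for illustration.

```python
import re

# Constructed known-flaw database (flaw id, product, first fixed version); all placeholders.
KNOWN_FLAWS = [
    ("EXAMPLE-0001", "examplehttpd", "2.4.10"),
    ("EXAMPLE-0002", "examplessh", "8.2"),
    ("EXAMPLE-0003", "exampledb", "5.7.3"),
]

# Constructed inventory (host, product, installed version).
INVENTORY = [
    ("web01", "examplehttpd", "2.4.9"),
    ("web02", "examplehttpd", "2.4.10"),
    ("db01", "exampledb", "5.10.0"),
    ("jump01", "examplessh", "7.9p1"),
    ("app01", "exampledb", "unknown"),
]

def parse_version(text):
    """Leading dotted number as a tuple of ints, or None if there is none."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    return tuple(int(p) for p in m.group(0).split(".")) if m else None

def older_than(have, fixed):
    """Numeric compare, padding with zeros so 2.4 and 2.4.0 are equal."""
    width = max(len(have), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(have) < pad(fixed)

def scan(inventory, flaws):
    """Return findings as (status, host, product, installed, flaw id)."""
    findings = []
    for host, product, installed in inventory:
        have = parse_version(installed)
        for flaw_id, flaw_product, fixed_in in flaws:
            if product != flaw_product:
                continue
            if have is None:
                # Version unreadable: report for manual review, never skip.
                findings.append(("UNVERIFIED", host, product, installed, flaw_id))
            elif older_than(have, parse_version(fixed_in)):
                findings.append(("VULNERABLE", host, product, installed, flaw_id))
    return sorted(findings)

def report(findings):
    return "\n".join("{:<10} {:<7} {} {} -> {}".format(*f) for f in findings)

if __name__ == "__main__":
    print(report(scan(INVENTORY, KNOWN_FLAWS)))
```

Comparing versions as plain strings would miss web01 (2.4.9 sorts after 2.4.10 as text) and falsely flag db01 (5.10.0 sorts before 5.7.3 as text), which is why the comparison is numeric.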

Penetration testing is testing in which an evaluator attempts to circumvent the security features of a system based on their understanding of the system design and implementation. The purpose is to identify methods of gaining access to a system by using common tools and techniques used by attackers.

For additional information, refer to the HHS IT Penetration Testing Guide located at http://intranet.hhs.gov/it/cybersecurity/index.html

Page 12 of 12

Operations and Maintenance Phase

Security Testing
