IV.A.2     Types of Tests and Evaluations

Information security management may use several tools to gain confidence that the information security program is operating as expected and reaching the intended goals. The primary tools include self-assessments, penetration tests, vulnerability assessments, and audits. The coverage and depth of the various tools directly relates to the confidence gained in the information security program.


Previous Section
IV.A.1 Key Testing Factors
Next Section
IV.A.2(a) Self-Assessments