Understand the security risks of an IT system.
Find and prioritise vulnerabilities in systems or services and determine their impact on the confidentiality, integrity and availability of information. Impacts also include safety risks and privacy risks. Assess controls that mitigate risks. Several methods may further aid a security test: guideline conformity analysis, a configuration review, penetration testing or red team/blue team plays.
- Test tooling.
- A hacker’s attitude.
- A focus on intentional threats and threat actors.
Companies use security tests to uncover vulnerabilities in systems to prevent data leaks or system failures (and bad press). In some cases, security tests are required to prove compliance with certain standards or regulations.