Security Assessment Principles

Security Assessment Principles - What are they?

Security assessment principles (also called security testing principles) are the ground rules that every security professional should follow when performing security testing for an organization.

Overview of Security Assessment Principles

Working Ethically

Professionals must report every security vulnerability they find and must not pursue any hidden agenda.

Respect Privacy

Keep the client's information confidential. This includes anything recovered during the scans, such as plaintext email passwords or files.

Don't Crash the Systems

Make sure your own tests do not overwhelm or crash the systems under test. A denial-of-service (DoS) test, or simply running too many tests at once, can do this.

Plan your testing

Have a detailed plan covering what you are going to test and the consequences the testing may have.

Get approval for your plan

Get the plan approved by whoever needs to sign off on it: this may be your cloud service provider, your ISP, or your boss. The plan should also state what you will do if someone raises a flag about the testing activity.

Systems to be tested

  • Start with the most critical systems, or the systems you expect to have the most vulnerabilities.
  • Decide how to handle systems used by employees working from home, and check whether their home networks are connected to other critical devices, such as medical devices.

Have a contingency plan

  • Decide in advance how you will handle a web application going down during testing.
  • System unavailability can lead to reduced performance and business loss. Determine the consequences of your testing and the risks involved, and have a risk mitigation plan.

Should the security controls be enabled?

Decide whether security controls such as firewalls and IDS should stay enabled while the tests run, or whether they should be disabled to get a broader picture of the vulnerabilities present in the systems.

Know about the Systems

You need a basic understanding of the systems you are testing. This will help you identify the critical systems and the role each plays in the organization.

Actions to be taken on finding a Vulnerability

When a vulnerability is discovered, report it to the responsible authorities so that it can be fixed before it is exploited by black hat hackers.

Implement Recommendations

  • Plan and upgrade.
  • Implement the recommendations to make the systems more secure.
  • Keep the tools used in security testing up to date.
  • Plan for regular security assessments (monthly, quarterly, or biannually).

Disclaimer

The content provided on this page is for educational purposes only. It is intended to demonstrate the vulnerabilities of computer systems and networks and to promote ethical hacking practices. Any unauthorized use of the information or tools presented here is strictly prohibited and may violate applicable laws.

By accessing and using this information, you agree to the following:

  • No Malicious Use: You will not use the information or tools to harm others, damage property, or violate any laws.
  • Ethical Use: You will use the information and tools responsibly and ethically, respecting the privacy and security of others.
  • Legal Compliance: You will comply with all applicable laws and regulations regarding hacking and cybersecurity.

It is important to note that hacking systems without proper authorization is illegal and unethical. If you have concerns about the security of your own systems, please consult with a qualified security professional.