19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Organisation Remarks

On the basis of the shortlist drawn up during the preselection stage, the products which are to be tested should be selected. A test plan is then compiled.

This plan comprises the following:

- Determining the contents of the test on the basis of the Requirements Catalogue
- Checking references
- Determining the total testing time
- Time planning, including time required for each test
- Determining persons-in-charge of testing
- Testing environment
- Contents of the test documentation
- Determining decisive criteria

These points are described in detail below.

Determining the contents of the test on the basis of the Requirements Catalogue

The requirements which are to be tested are selected on the basis of the Requirements Catalogue. In particular, these should be the features which are of great importance or which have a high confidence factor.

Checking references<br />

Initial references were obtained during the preselection stage (see S 2.81 Preselection of a Suitable Standard Software Product). These can also be obtained if the external test group gives rise to sufficient confidence.

If a certificate was issued for the product in accordance with the criteria for the evaluation of the security of IT systems (ITSEC) or the Common Criteria (CC), the certification report should be used to check to what extent the test results can be taken into consideration.

An internal test can either be dispensed with or conducted on a small scale. The test capacities this leaves free can be distributed among other tests.

Determining the total testing time<br />

In order to limit the time required for testing, the total time should be determined in advance, e.g. in working days or by setting a deadline.

Time planning, including time required for each test<br />

When testing several products, it is recommended to run comparative tests. This means that all products are tested by one test group or in regard to one requirement of the Requirements Catalogue. The testing time should thus be determined for each requirement of the Requirements Catalogue and is thus automatically distributed evenly among all products to be tested. The testing time results from the testing depth and complexity of the feature. The testing


IT-Baseline Protection Manual: October 2000
