8.33 Test Information
Control
Test information should be appropriately selected, protected and managed.
Purpose
Test information in information security refers to the data and information that is used to perform security testing on software applications, procedures, systems and infrastructure. This can include test cases, test data, test scripts, and other information that is used to evaluate the security of the system being tested.
Implementation Guidance
Test information is important for security testing because it helps to ensure that the system being tested is thoroughly evaluated for security vulnerabilities. By providing a comprehensive set of test cases and test data, security testers can identify and fix vulnerabilities that may have been missed during development.It also helps to ensure that the system being tested meets the security requirements and that it complies with the industry standards and regulations.Test information is also used to document the testing process, and to provide evidence of the security of the system for compliance, regulatory and certification purposes.For example, test data might include a set of inputs that are designed to test the system's ability to handle unexpected or malicious input. Test cases might include scenarios that test the system's ability to handle different types of attacks, such as SQL injection or cross-site scripting.
ISO 27001:2022
Technological Controls
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!
Got a question or need help? Don't hesitate to reach out to our team.
27002:2022 Related Controls
CLick to view control
If you would like to know more about ISO Standards, Certification and the value of a good management system you can add to your business we would love to hear from you: Kent: 01892 800476 | London: 02037 458 476 | info@avisoconsultancy.co.uk
