Read the NIST special publication, NIST-SP-800-115, Technical Guide to Information Security Testing and Assessment. Write a paper briefly discussing the issue of performing your own security testing. When and how often should this be accomplished? To include what aspects of security? When and why would you want an external organization to perform security testing for your organization? What, if anything, is different about tests performed by an external organization from what you might do yourself?
Sample Solution
