ATIS Telecom Glossary
Friday, October 24, 2014

A B C D E F G H I
J K L M N O P Q R
S T U V W X Y Z  
Go
 
Glossary Home
Foreword
Introduction
Normative References
Using the ATIS Telecom Glossary
Annex A: Informative References
 
 
 
<< Back
flaw hypothesis methodology

1. System analysis and penetration technique in which the specification and documentation for an information system (IS) are analyzed to produce a list of hypothetical flaws. This list is prioritized on the basis of the estimated probability that a flaw exists, on the ease of exploiting it, and on the extent of control or compromise it would provide. The prioritized list is used to perform penetration testing of a system. [INFOSEC-99]   2.    A system analysis and penetration technique where specifications and documentation for the system are analyzed and then flaws in the system are hypothesized. The list of hypothesized flaws is then prioritized on the basis of the estimated probability that a flaw actually exists and, assuming a flaw does exist, on the ease of exploiting it and on the extent of control or compromise it would provide. The prioritized list is used to direct the actual testing of the system [TCSEC].

 

 

 

 

 

 

 

 

 

 



 
These definitions were prepared by ATIS Committee PRQC
 
For more information on the work related to these definitions,
please visit the ATIS website and the ATIS Document Center