Security controls will be defined and security testing will be conducted at the individual levels. For ACA, the security controls and the related planned elements at which level the tests will be conducted are as follows:
Business impact analysis would be conducted.
IT system data would be classified and cross-checked to confirm that it is used and managed as per its classification.
System inventory mock trials are done for risk assessment.
Security Audits are done.
IT Contingency planning
The continuity of business operations would be tested with the implemented network policy.
Disaster tests and recovery planning would be done.
System-level tests and developmental tests would be conducted to check consistency and reliability in the context of a contingency situation.
IT Systems Security
In terms of IT system security, testing would be done through a variety of system tests and network tests.
System interoperability tests will be conducted.
Malicious hack testing would be done.
Logical Access Control
Access control testing, in the form of account management for the network, password management and more, would be done.
Remote access testing would be done.
Encryption method testing
Physical security testing, in the form of threat detection, security logging and more, would be done.
Asset protection and asset control management testing would be done.
Performance testing, device testing, I/O testing and smoke tests would be conducted.