Security Test and Evaluation (ST&E) is a component of risk assessment. It is useful in
discovering system vulnerabilities. For what purposes is ST&E used? Each correct answer
represents a complete solution. Choose all that apply.
A.
To uncover design, implementation, and operational flaws that may allow the
violation of security policy
B.
To implement the design of system architecture
C.
To determine the adequacy of security mechanisms, assurances, and other
properties to enforce the security policy
D.
To assess the degree of consistency between the system documentation and its
implement ation