Testing Methodologies

Video Transcription
00:00
>> Hi there, and welcome back to our next lesson,
00:00
which is Testing Methodologies.
00:00
In this lesson, we'll be covering
00:00
testing classifications,
00:00
the different types of testing you'll encounter,
00:00
some issues regarding software testing,
00:00
the importance of data integrity testing,
00:00
application system testing, and the IS auditor's
00:00
role in the information system testing process.
00:00
Let's begin. To probably
00:00
state a little bit of the obvious,
00:00
testing methodologies are
00:00
integral to information systems implementation.
00:00
Information systems are complex
00:00
and it is quite easy throughout
00:00
the implementation process as the end result may not
00:00
necessarily meet the requirements of the system itself,
00:00
and so tests to
00:00
determine the validity of
00:00
the implementation are fairly important.
00:00
As an IS auditor, you need to understand
00:00
the applications of these various forms of testing
00:00
and also understand how
00:00
to do quality assurance monitoring and
00:00
evaluation to contribute to
00:00
the quality of the internal processes.
00:00
Testing classifications, so we have unit testing,
00:00
which as the name would suggest,
00:00
is testing a particular subset of the system itself.
00:00
We have interface or integration testing,
00:00
which tests how the various components
00:00
of the system talk to
00:00
one another or even integrate with
00:00
the rest of the system
00:00
that they're being introduced into.
00:00
We have system testing,
00:00
which tests the entire system,
00:00
and also finally, acceptance testing,
00:00
which is ensuring that the users are happy and
00:00
satisfied and the requirements
00:00
of the system have been met.
00:00
The other types of testing you're likely to encounter.
00:00
We have Alpha and Beta testing
00:00
commonly used in software which represents
00:00
small subset groups or
00:00
limited releases of the software at
00:00
different stages of development to
00:00
a certain population of the user base.
00:00
We have Pilot testing,
00:00
which is a designated group of users
00:00
who are picked to test the actual product itself,
00:00
white box and black box testing,
00:00
which is looking at testing from the perspective of
00:00
knowing what's within the system
00:00
and also not knowing what's within the system.
00:00
Function and validation testing to ensure that any of
00:00
the functions are producing
00:00
the end results in terms of the output data.
00:00
Regression testing, which is
00:00
testing any changes that have happened
00:00
to a given system, so if there is an upgrade or patch produced,
00:00
regression testing will ensure that
00:00
those changes haven't had
00:00
a negative effect on the system as a whole.
00:00
Parallel testing, in particular
00:00
in introducing new systems,
00:00
you can basically run
00:00
a new system parallel with the old system to
00:00
determine the results and to ensure that the output
00:00
is valid and sociability testing.
00:00
In software testing, you basically
00:00
identify specific portions of the system to be tested.
00:00
Software is very complex and you're not
00:00
going to necessarily tackle it as a whole,
00:00
so you need to break it down into smaller components.
00:00
From that, you're likely to
00:00
get a number of different defects,
00:00
ranging from minor,
00:00
significant to critical to security-related.
00:00
There need to be categorizations in
00:00
terms of what defects are found.
00:00
Data Integrity Testing is looking at
00:00
the actual data itself
00:00
rather than the system or
00:00
the system and how it uses the data,
00:00
so ensuring that the relations and
00:00
the references are all maintained to
00:00
the various different datasets and each of
00:00
the integrity requirements meet the ACID atomicity,
00:00
consistency, isolation and durability tests.
00:00
Now for Application System Testing,
00:00
there's a few methodologies there.
00:00
Things such as snapshot, mapping,
00:00
tracing and tagging,
00:00
base case system evaluation, parallel operation,
00:00
again integrity testing facility,
00:00
parallel simulation, transactions selection programs,
00:00
and embedded audit data collection.
00:00
As an IS auditor,
00:00
what's your role in this information systems testing?
00:00
Well, basically it's to review any test plans
00:00
for completeness to ensure that the tests
00:00
being conducted are comprehensive and are likely to
00:00
address all potential critical aspects of the system,
00:00
reconcile the control totals and converted data.
00:00
If we are talking about
00:00
data in the new system and show that
00:00
the actual outputs are as expected.
00:00
Review any error reports,
00:00
so anything where something has gone
00:00
wrong, verify cyclical processing,
00:00
verify the accuracy of
00:00
critical reports and outputs so making sure that the data
00:00
is processed as is expected, interview end-users,
00:00
so ensuring that the end-users are happy or at least
00:00
able to work with the system and it's giving
00:00
them the functional requirements that they need,
00:00
review any parallel test
00:00
results for accuracy,
00:00
verify that the system security is functioning,
00:00
which is obviously a fairly critical aspect,
00:00
review any of the units in the system test plan,
00:00
review the user acceptance testing,
00:00
and review procedures for
00:00
recording and follow up for errors.
00:00
It's one thing to record them,
00:00
but we also need to make sure
00:00
that there is a process that
00:00
is sound and robust enough
00:00
to ensure that these areas are fixed.
00:00
That is basically testing.
00:00
We've covered the different types of
00:00
testing classifications and the types of testing.
00:00
We've talked about software testing,
00:00
data integrity testing, a little bit on
00:00
the application system testing and what the role of
00:00
the IS auditor is in information system testing.
00:00
Thanks for listening and
00:00
I will see you at the next lesson.