The evaluation of an information system or device to determine the strength of security measures, identify deficiencies, analyze data to estimate the effectiveness of new security measures, and verify the effectiveness of these measures after implementation.