October 2022
Intermediate to advanced
398 pages
14h 14m
English
Auditing security controls across the IT infrastructure involves testing the controls or countermeasures using available documents, interviews, and personal observation.
This section provides an overview of testing and validating controls based upon NIST SP800-53A, which provides an approach to assessing security controls. Regardless of the exact methods used, however, the principles are the same.
Each control to be tested should have an accompanying assessment objective. The objective provides the foundation or high-level statement to determine the effectiveness of the control. Based on this, one or more assessment objectives are validated ...
Read now
Unlock full access