15

Designing and Conducting Security Testing

In the previous chapter, you gained an understanding of different security control testing models, such as vulnerability assessments and penetration testing. In this chapter, you will explore security audits in depth – specifically, how to conduct audits and analyze the output.

An important part of security assessment and testing is collecting technical and administrative data to make sure that our systems are secure. With regular reviews and testing of systems and processes, gaps in knowledge and practices can be found and remediated. The data collection process during such reviews includes checking that identity management and access control are being implemented correctly, reviewing training and ...
