Security Assessment and Testing

This chapter presents the following:

•  Internal, external, and third-party audits

•  Vulnerability testing

•  Penetration testing

•  Log reviews

•  Synthetic transactions

•  Code review and testing

•  Misuse case testing

•  Interface testing

•  Account management

•  Backup data verification

•  Disaster recovery and business continuity

•  Security training and security awareness

•  Key performance and risk indicators

•  Analyzing and reporting

•  Management review and approval

Trust, but verify.

—Russian proverb

You can hire the best people, develop sound policies and procedures, and deploy world-class technology in an effort to secure your information systems, but if you do not regularly assess ...

Excerpt from CISSP All-in-One Exam Guide, Eighth Edition (O’Reilly online learning).