Chapter 6: Security Assessment and Testing

This chapter covers the following topics:

  • Design and Validate Assessment, Test, and Audit Strategies: Explains the use of assessment, test, and audit strategies, including internal, external, and third-party strategies.

  • Conduct Security Control Testing: Concepts discussed include the security control testing process, including vulnerability assessments, penetration testing, log reviews, synthetic transactions, code review and testing, misuse case testing, test coverage analysis, and interface testing.

  • Collect Security Process Data: Concepts discussed include NIST SP 800-137, account management, management review and approval, key performance and risk indicators, backup verification data, training and ...

Get CISSP Cert Guide, 3rd Edition now with the O’Reilly learning platform.
