Chapter 6

Security Assessment and Testing

This chapter covers the following topics:

  • Design and Validate Assessment and Testing Strategies: Concepts discussed include the use of assessment, test, and audit strategies, including internal, external, and third-party strategies, and the effect location has on the testing.

  • Conduct Security Control Testing: Concepts discussed include the security control testing process, including vulnerability assessments, penetration testing, log reviews, synthetic transactions, code review and testing, misuse case testing, test coverage analysis, and interface testing.

  • Collect Security Process Data: Concepts discussed include NIST SP 800-137, account management, management review and approval, key performance and ...

Get CISSP Cert Guide, 5th Edition now with the O’Reilly learning platform.
