Chapter 6
Security Assessment and Testing
This chapter covers the following topics:
Design and Validate Assessment and Testing Strategies: Concepts discussed include the use of assessment, test, and audit strategies, including internal, external, and third-party strategies.
Conduct Security Control Testing: Concepts discussed include the security control testing process, including vulnerability assessments, penetration testing, log reviews, synthetic transactions, code review and testing, misuse case testing, test coverage analysis, and interface testing.
Collect Security Process Data: Concepts discussed include NIST SP 800-137, account management, management review and approval, key performance and risk indicators, backup verification data, ...