Chapter 8

Security Assessment and Testing


Developing assessment and test strategies

Performing vulnerability assessments, penetration tests, and more

Collecting security process data

Understanding test outputs

Conducting internal, external, and third-party audits

In this chapter, you learn about the various tools and techniques that security professionals use to continually assess and validate an organization’s security environment. This domain represents 12 percent of the CISSP certification exam.

Design and Validate Assessment and Test Strategies

Modern security threats are rapidly and constantly evolving. Likewise, an organization’s systems, applications, networks, services, and users are frequently changing. Thus, it is critical that organizations develop an effective strategy to regularly test, evaluate, and adapt their business and technology environment to reduce the probability and impact of successful attacks, as well as achieve compliance with applicable ...
