IN THIS CHAPTER
Developing assessment and test strategies
Performing vulnerability assessments, penetration tests, and more
Collecting security process data
Understanding test outputs
Conducting internal, external, and third-party audits
In this chapter, you learn about the various tools and techniques that security professionals use to continually assess and validate an organization’s security environment. This domain represents 12 percent of the CISSP certification exam.
Modern security threats are rapidly and constantly evolving. Likewise, an organization’s systems, applications, networks, services, and users are frequently changing. Thus, it is critical that organizations develop an effective strategy to regularly test, evaluate, and adapt their business and technology environment to reduce the probability and impact of successful attacks, as well as achieve compliance with applicable ...