Chapter 5

Assessment of Security Controls

The security control assessment follows the approved plan, including defined procedures, to determine the effectiveness of the controls in meeting security requirements of the information system. The results are documented in the security assessment report.

Certified Authorization Professional (CAP®) Candidate Information Bulletin, November 2010

Topics

Scope of Testing
Level of Effort
Assessor Independence
Developing the Test Plan
The Role of the Host
Test Execution
Documenting Test Results
NIST Guidance on Assessment of Security Control Effectiveness

Objectives

As a Certified Authorization Professional (CAP®), you are expected to

Prepare for security control assessment
Establish security control ...

Get Official (ISC)2® Guide to the CAP® CBK®, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Official (ISC)2® Guide to the CAP® CBK®, 2nd Edition by Patrick D. Howard

Assessment of Security Controls

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly