CISSP: Security Assessment and Testing

(Designing, Performing, and Analyzing Security Testing)

This involves the:

  • Evaluation of information assets / associated infrastructure

and all of the

  • Tools and techniques

for the purpose of

  • Identifying Risk
  • Mitigating Risk

due to

  • Architecture issues
  • Design flaws
  • Configuration Errors
  • Hardware and software vulnerabilities
  • Coding errors

with any other weakness that may affect the system.

This is why you'll need to have handy your:

  • Information Security Plans
  • IS Policies
  • IS Processes
  • IS Procedures

You'll likely need to work with experts in testing activities such as:

  • Vulnerability Assessments
  • Penetration Testing
  • Synthetic transactions
  • Code review and testing
  • Misuse case testing
  • Interface testing

Don't forget about the

  • Policies and Procedures

because they need to be continuously applied…

The main area of application will include:

  • Disaster Recovery Plans
  • Business Continuity Plans

they will need to be:

  • Maintained
  • Updated
  • Verified to function as intended

in the event of a disaster

Therefore, you'll have a closely integrated security team who will be

  • Collecting security process data

Testing topics will include

  • Account Management
  • Management Reviews
  • Key Performance Indicators
  • Risk Indicators
  • Verification of backups
  • Training and awareness
  • Disaster Recovery
  • Business Continuity
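"Verification of backups" is the most mechanical item in that list, so here is one way to make it concrete. This is an added example, not code from the course page: it records a SHA-256 manifest of a source tree at backup time, then checks a backup (or a test restore) against that manifest and reports files that are missing, altered, or unexpectedly present. The directory layout, file names and the three kinds of damage are constructed inline for the demonstration.

```python
"""Backup verification against a SHA-256 manifest.

Added example (not from the course page). The sample tree and the
damage applied to the backup copy are constructed here for illustration.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large backup sets need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (path relative to root, POSIX form) to its digest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_backup(manifest: dict[str, str], backup_root: Path) -> dict[str, list[str]]:
    """Compare a backup tree to the manifest taken at backup time.

    Returns three sorted lists:
      missing   - listed in the manifest but absent from the backup
      corrupted - present in the backup but with a different digest
      extra     - present in the backup but never recorded in the manifest
    An empty result in all three means the backup matches what was recorded.
    """
    actual = build_manifest(backup_root)
    missing = sorted(k for k in manifest if k not in actual)
    corrupted = sorted(k for k in manifest if k in actual and actual[k] != manifest[k])
    extra = sorted(k for k in actual if k not in manifest)
    return {"missing": missing, "corrupted": corrupted, "extra": extra}


def demo() -> dict[str, list[str]]:
    """Constructed scenario: back up three files, then damage the copy three ways."""
    sample_files = {  # constructed sample data, not real configuration
        "etc/app.conf": b"mode=prod\n",
        "db/users.sql": b"CREATE TABLE users(id INTEGER PRIMARY KEY);\n",
        "logs/audit.log": b"login ok\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        dst = Path(tmp) / "backup"
        for rel, data in sample_files.items():
            (src / rel).parent.mkdir(parents=True, exist_ok=True)
            (src / rel).write_bytes(data)

        manifest = build_manifest(src)  # recorded when the backup is taken

        # Simulate the backup copy.
        for rel in manifest:
            (dst / rel).parent.mkdir(parents=True, exist_ok=True)
            (dst / rel).write_bytes((src / rel).read_bytes())

        # Damage the copy: a truncated file, a deleted file, and a stray file.
        (dst / "db/users.sql").write_bytes(b"CREATE TABLE users(")
        (dst / "logs/audit.log").unlink()
        (dst / "tmp/stray.bin").parent.mkdir(parents=True)
        (dst / "tmp/stray.bin").write_bytes(b"\x00")

        return verify_backup(manifest, dst)


if __name__ == "__main__":
    print(demo())
```

A manifest check like this only proves that the stored bytes match what was backed up; it says nothing about whether the backup is restorable or complete. Pair it with a periodic test restore into an isolated environment, and keep the manifest somewhere the backup system itself cannot alter.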

Finally, you need to be able to:

  • analyze 
  • report

on the

  • assessment results

so that mitigation strategies can be

  • developed
  • implemented

This domain is weighted heavily on audit principles.  If you have a CISA background, you get a break here!
