Security Assessment and Testing (CISSP)
The Security Assessment and Testing domain exists to answer one question: are the controls the organization designed and implemented actually working, and are they actually mitigating ris...
This course covers the skills measured in the Security Assessment and Testing domain of the Certified Information Systems Security Professional (CISSP) examination. This domain represents 12% of the total exam and is organized around two core disciplines: developing a security testing strategy, and conducting tests and remediation. While it is presented as a standalone domain, security assessment and testing is in practice woven through every other domain of the CISSP body of knowledge — it is the mechanism by which an organization proves (or disproves) that the controls it designed and implemented are actually working.
Throughout the design and implementation of an information security management system, an organization examines risk, chooses safeguards and countermeasures, and selects secure architecture and network solutions. Security assessment and testing is the step that determines whether that effort actually paid off — no control can be trusted until it has been tested.
A useful way to frame the mindset of a tester: "The purpose of testing is not to see if the program works. The purpose of testing is to see if it fails." Testing must be approached from the perspective of a...
Sign in to read this course
A free account unlocks all 514 courses. 20 are readable without one.
What's inside
5 sections- 1 Table of Contents
- 2 Module 1: Designing a Security Testing Strategy
- 3 Module 2: Conducting Tests, Remediation, and Security Audits
- 4 Self-Assessment Questions
- 5 Summary
More Governance, Risk & Compliance courses
View all 12Governance, Security and GRC
governance · security · grc · risk · compliance · networking · systems · information · controls · impact · processes · program · regulatory.
Government Facilities: Specialized Engineering
government · facilities · specialized · engineering · governance · risk · compliance · networking · systems · security · controls · physical · assessing · dod · environmental · facility ·...
Information & Cyber Security: GRC and Risk Management
This course walked through a complete, practical approach to performing information and cybersecurity risk assessments across a business lifecycle, using a running cloud-migration case st...
Information Systems Operations and Business Resilience (ISACA CISA)
This domain — information systems operations and business resilience — is worth 26% of the CISA examination when combined with its companion operations-focused course. The business-resili...
Microsoft Security, Compliance and Identity Fundamentals
In IT, compliance is a set of digital security requirements and practices. Following compliance requirements helps ensure that a company's business processes are secure and that sensitive...
NIST Risk Management Framework (RMF)
The RMF is a process model consisting of seven clearly defined steps, each with specific associated activities. While it is often described sequentially, it is in fact an iterative model:...
Interested in this course?
Contact us to book it or get a custom training plan for your team.