Intermediate

Security Assessment and Testing (CISSP)

The Security Assessment and Testing domain exists to answer one question: are the controls the organization designed and implemented actually working, and are they actually mitigating ris...

This course covers the skills measured in the Security Assessment and Testing domain of the Certified Information Systems Security Professional (CISSP) examination. This domain represents 12% of the total exam and is organized around two core disciplines: developing a security testing strategy, and conducting tests and remediation. While it is presented as a standalone domain, security assessment and testing is in practice woven through every other domain of the CISSP body of knowledge — it is the mechanism by which an organization proves (or disproves) that the controls it designed and implemented are actually working.

Throughout the design and implementation of an information security management system, an organization examines risk, chooses safeguards and countermeasures, and selects secure architecture and network solutions. Security assessment and testing is the step that determines whether that effort actually paid off — no control can be trusted until it has been tested.

A useful way to frame the mindset of a tester: "The purpose of testing is not to see if the program works. The purpose of testing is to see if it fails." Testing must be approached from the perspective of a...

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

5 sections
  1. 1 Table of Contents
  2. 2 Module 1: Designing a Security Testing Strategy
  3. 3 Module 2: Conducting Tests, Remediation, and Security Audits
  4. 4 Self-Assessment Questions
  5. 5 Summary

More Governance, Risk & Compliance courses

View all 12

Interested in this course?

Contact us to book it or get a custom training plan for your team.