CISSP® Official Study Guide, Eighth Edition
Mike Chapple, James Michael Stewart, Darril Gibson, CISSP Official Study Guide, Sybex (2018)

Auditing Standards
When conducting an audit or assessment, the team performing the review should be clear about the standard it is using to assess the organization. The standard describes the control objectives that should be met; the audit or assessment is then designed to verify that the organization has properly implemented controls that meet those objectives.
One common framework for conducting audits and assessments is Control Objectives for Information and Related Technologies (COBIT), published by ISACA. COBIT describes the common requirements that organizations should have in place surrounding their information systems.
The International Organization for Standardization (ISO) also publishes a set of standards related to information security. ISO 27001 describes a standard approach for setting up an information security management system (ISMS), while ISO 27002 goes into more detail on the specifics of information security controls. These internationally recognized standards are widely used within the security field, and organizations may choose to become officially certified as compliant with ISO 27001 (certification is against the ISMS requirements of 27001; 27002 is implementation guidance and is not itself certified against).


Chapter 15 Security Assessment and Testing
Performing Vulnerability Assessments 
Vulnerability assessments are some of the most important testing tools in the information security professional's toolkit. Vulnerability scans and penetration tests give security professionals a perspective on the weaknesses in a system's or application's technical controls.
Just to be clear on terminology, vulnerability assessments as they are described in this chapter are actually security testing tools, not security assessment tools: they verify how technical controls hold up rather than reviewing the security program as a whole. They probably should be called vulnerability tests for linguistic consistency, but we'll stick with the language used by (ISC)² in the official CISSP body of knowledge.
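To make concrete what a vulnerability scan actually does when it probes technical controls, here is a minimal banner-based scanner in Python. It is an added illustration for this section, not code from the study guide or from any real scanning product. It connects to each port, records the banner the service volunteers, matches the result against a small rule set, and reports every hit as an unconfirmed finding. The RULES table, the 10.0.0.x addresses used in comments and the product name ExampleHTTPd are assumptions made for the example; the only real facts encoded are that SSH protocol 1 is cryptographically weak and that Telnet and FTP carry credentials in cleartext. Run stand-alone, it starts a throwaway listener on 127.0.0.1 so that nothing on a real network is touched.

```python
"""Minimal banner-based vulnerability assessment.

Added illustration for this section; not code from the CISSP study guide.
The RULES table is constructed for the example (it is not a real scanner's
database) and "ExampleHTTPd" is a hypothetical product name.
"""
import re
import socket
import threading
from typing import List, Optional, Tuple

SEVERITY_RANK = {"high": 3, "medium": 2, "low": 1}

# Each rule: (port or None, banner regex or None, finding title, severity).
# A rule fires when every non-None condition holds for a discovered service.
RULES = [
    (None, re.compile(r"^SSH-1\.(5|99)-"),
     "SSH protocol version 1 offered (long deprecated, cryptographically weak)", "high"),
    (23, None,
     "Telnet exposed: credentials and sessions travel in cleartext", "high"),
    (21, re.compile(r"^220 "),
     "FTP exposed: credentials travel in cleartext", "medium"),
    (None, re.compile(r"ExampleHTTPd/1\.[0-4]\b"),
     "ExampleHTTPd 1.0-1.4 (hypothetical end-of-life version)", "medium"),
]

Service = Tuple[str, int, str]  # (host, port, banner)


def grab_banner(host: str, port: int, timeout: float = 2.0) -> Optional[str]:
    """Connect and return the first line the service volunteers.

    Returns "" if the port is open but silent, None if it is closed or
    unreachable. Discovery (open/closed) and fingerprinting (banner) are the
    first two steps of a network vulnerability scan.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            try:
                data = sock.recv(256)
            except socket.timeout:
                return ""
    except OSError:
        return None
    return data.decode("ascii", errors="replace").splitlines()[0] if data else ""


def assess(services: List[Service]) -> List[dict]:
    """Match discovered services against RULES; return findings, most severe first.

    Every finding carries confirmed=False: a banner or port match shows a
    *potential* weakness. Whether it is actually exploitable is what a
    penetration test establishes, and scanners do report false positives.
    """
    findings = []
    for host, port, banner in services:
        for rule_port, pattern, title, severity in RULES:
            if rule_port is not None and rule_port != port:
                continue
            if pattern is not None and not pattern.search(banner):
                continue
            findings.append({
                "host": host, "port": port, "banner": banner,
                "title": title, "severity": severity, "confirmed": False,
            })
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["port"]))
    return findings


def scan(host: str, ports: List[int], timeout: float = 2.0) -> List[dict]:
    """Discover open ports, grab their banners, and assess the result."""
    discovered = []
    for port in ports:
        banner = grab_banner(host, port, timeout)
        if banner is not None:           # None means closed/unreachable
            discovered.append((host, port, banner))
    return assess(discovered)


def _fake_target() -> int:
    """Start a throwaway local listener that answers like an SSH-1-capable
    daemon, so the example has something to scan without touching a real host.
    The banner is constructed for the demo."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(b"SSH-1.99-OpenSSH_5.3\r\n")
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    port = _fake_target()
    for f in scan("127.0.0.1", [port]):
        print(f"{f['severity']:6} {f['host']}:{f['port']} {f['title']} "
              f"(banner={f['banner']!r}, confirmed={f['confirmed']})")
```

The `confirmed` field is the point of the example. A scan like this only establishes that a host exposes something that looks weak; proving that the weakness can be exploited is the penetration tester's job, and deciding what the finding means against the organization's control objectives is the assessment. That is exactly why the chapter files vulnerability scanning under security testing rather than security assessment.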