2 cissp ® Official Study Guide Eighth Edition

C. Vulnerability analysis D

Download 19,3 Mb.

Pdf ko'rish

bet	619/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 615 616 617 618 619 620 621 622 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Domain 6: Security Assessment and Testing

C.
Vulnerability analysis
D.
Access review and audit
20.
Management wants to ensure that the consultant has the correct priorities while doing her
research. Of the following, what should be provided to the consultant to meet this need?
A.
Asset valuation
B.
Threat modeling results
C.
Vulnerability analysis reports
D.
Audit trails

Chapter
15
Security Assessment
and Testing
The CISSP exAm ToPICS Covered In
ThIS ChAPTer InClude:
✓
Domain 6: Security Assessment and Testing
■
6.1. Design and validate assessment, test, and audit strategies
■
6.1.1 Internal
■
6.1.2 External
■
6.1.3 Third-party
■
6.2. Conduct security control testing
■
6.2.1 Vulnerability assessment
■
6.2.2 Penetration testing
■
6.2.3 Log reviews
■
6.2.4 Synthetic transactions
■
6.2.5 Code review and testing
■
6.2.6 Misuse case testing
■
6.2.7 Test coverage analysis
■
6.2.8 Interface testing
■
6.3. Collect security process data
■
6.3.1 Account management
■
6.3.2 Management review and approval
■
6.3.3 Key performance and risk indicators
■
6.3.4 Backup verification data
■
6.4. Analyze test output and generate report
■
6.5. Conduct or facilitate security audits
■
6.5.1 Internal
■
6.5.2 External
■
6.5.3 Third Party

Throughout this book, you’ve learned about many of the
different controls that information security professionals
implement to safeguard the confidentiality, integrity, and
availability of data. Among these, technical controls play an important role protecting
servers, networks, and other information processing resources. Once security professionals
build and configure these controls, they must regularly test them to ensure that they con-
tinue to properly safeguard information.
Security assessment and testing programs perform regular checks to ensure that ade-
quate security controls are in place and that they effectively perform their assigned func-
tions. In this chapter, you’ll learn about many of the assessment and testing controls used
by security professionals around the world.
Building a Security Assessment and
Testing Program
The cornerstone maintenance activity for an information security team is their security
assessment and testing program. This program includes tests, assessments, and audits that
regularly verify that an organization has adequate security controls and that those security
controls are functioning properly and effectively safeguarding information assets.
In this section, you will learn about the three major components of a security assessment
program:
■
Security tests
■
Security assessments
■
Security audits

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 615 616 617 618 619 620 621 622 ... 881