Security Assessment and Testing

Organizations must routinely perform vulnerability assessment and penetration testing to evaluate the effectiveness of their current security policies, procedures, and implementation strategies and to identify potential exposures. Audit trails, or logs (log files), provide a method of tracking and reviewing system, network, application, and user activities. Security audits can be performed as part of security certification and accreditation processes to verify that specified security requirements are being met. Both tests and simulated attack scenarios can also be executed to evaluate the current security postures of organizations.

These assessments should be coupled with security awareness and training initiatives, so that users are aware of management's goals and expectations for protecting organizational assets and understand their own role in protecting those assets.

