
CISSP: Security Assessment and Testing

Overview/Description
The time spent planning and establishing security controls isn't worth much if you don't spend time ensuring that those security designs work. In this course, you'll learn how to design and validate security control assessment and test strategies, and perform vulnerability assessments. This course also covers how to perform log reviews, code reviews and tests, and perform penetration testing to test security controls. Finally, you'll learn about best practices for collecting security test data, and analyzing test outputs so you can identify gaps and implement any further required security controls in the overall security design. This course is one of a series in the Skillsoft learning path that covers the objectives for the Certified Information Systems Security Professional (CISSP) exam.

Target Audience
Individuals interested in information systems security concepts, methodologies and best practices; candidates for the Certified Information Systems Security Professional (CISSP) exam

Prerequisites
None

Expected Duration (hours)
1.5

Lesson Objectives

CISSP: Security Assessment and Testing

  • start the course
  • identify best practices when designing assessment and test strategies
  • identify best practices when validating assessment and test strategies
  • perform a vulnerability assessment
  • use penetration testing as a method for conducting security control testing
  • use log reviews as part of security control testing
  • use synthetic transactions as a security control testing technique
  • distinguish between code review and testing types for security control testing
  • use misuse case testing as a security control testing technique
  • perform test coverage analysis as part of security control testing
  • use interface testing as a security control testing technique
  • list CWE and SANS top software vulnerabilities
  • define an Information Systems Continuous Monitoring strategy
  • implement an Information Systems Continuous Monitoring strategy
  • define security controls and metrics as part of a risk management framework
  • use account management data for security assessment and testing
  • use key performance and risk indicators data for security assessment and testing
  • use backup verification data for security assessment and testing
  • use training and awareness data for security assessment and testing
  • use disaster recovery and business continuity data for security assessment and testing
  • identify best practices for analyzing security assessment and testing results
  • identify best practices for reporting security assessment and testing results
  • identify best practices for performing internal audits
  • identify best practices for performing third-party audits
  • describe the process for conducting an audit
  • select appropriate security control testing techniques
Duration: 1.5h
Code: sp_cisp_a08_it_enus
