This page lists the content of the Security Assessment and Testing domain of the CISSP®.
Domain 6 is worth 12% of the grade to be achieved.
Domain 6 of the CISSP®
Content updated according to the new official programme for 2024
N° | Description | |
---|---|---|
6.1 | Design and validate assessment, test, and audit strategies | |
6.1.1 | Internal | |
6.1.2 | External | |
6.1.3 | Third-party | |
6.2 | Conduct security control testing | |
6.2.1 | Vulnerability assessment | |
6.2.2 | Penetration testing | |
6.2.3 | Log reviews | |
6.2.4 | Synthetic transactions | |
6.2.5 | Code review and testing | |
6.2.6 | Misuse case testing | |
6.2.7 | Test coverage analysis | |
6.2.8 | Interface testing | |
6.2.9 | Breach attack simulations | |
6.2.10 | Compliance checks | |
6.3 | Collect security process data (e.g., technical and administrative) | |
6.3.1 | Account management | |
6.3.2 | Management review and approval | |
6.3.3 | Key performance and risk indicators | |
6.3.4 | Backup verification data | |
6.3.5 | Training and awareness | |
6.3.6 | Disaster Recovery (DR) and Business Continuity (BC) | |
6.4 | Analyze test output and generate report | |
6.4.1 | Remediation | |
6.4.2 | Exception handling | |
6.4.3 | Ethical disclosure | |
6.5 | Conduct or facilitate security audits | |
6.5.1 | Internal | |
6.5.2 | External | |
6.5.3 | Third-party | |