Security Assessment and Testing: CISSP, #6
About this ebook
Security Assessment and Testing is the 6th domain of the CISSP's common body of knowledge. In this course we will cover the following: assessment and testing strategies, security control effectiveness testing, security process data collection, test result analysis, third-party assessment and Information Security Continuous Monitoring (ISCM).
Selwyn Classen
A seasoned and highly qualified IT/IS professional with over 20 years working experience within the Petrochemical industry (i.e. Supply chain management, Knowledge management, Product and Quality management, Business analysis and processing) including the Telecommunications industry.
Security Assessment and Testing - Selwyn Classen
While every precaution has been taken in the preparation of this book, the publisher assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.
SECURITY ASSESSMENT AND TESTING
First edition. April 2, 2020.
Copyright © 2020 Selwyn Classen.
Written by Selwyn Classen.
Table of Contents
Assessment and Testing Strategies
Course Introduction
Ensuring Objectives Have Been Met
Resource Constraints
Security Assessment Foundations
Security Assessment Program
Assessment Viewpoints
Assessment Types
Summary
Security Control Effectiveness Testing
Introduction
Vulnerability Assessment
Detection
Identification
Analysis
Reporting
Mitigation
Intro to Penetration Testing
Penetration Testing
Test Process Walkthrough
Selecting Target Surface
Destructive and Non-destructive Testing
Penetration Testing Frameworks
CISSP Exam Tip
Penetration Testing Process
Scoping the Test
Enumeration
Identification
Security Assessment Techniques
Source Code Review
Summary
Security Process Data Collection
Introduction
Key Performance Risk Indicators
Management Review
Training and Awareness
Account Management
Disaster Recovery and Business Continuity
Backup Data Verification
Summary
Test Result Analysis
Introduction
Vulnerability Assessment
Vulnerability Assessment Dashboards
Targeted Reporting
Data Analysis
Penetration Testing Reports
Reporting Challenges
Penetration Testing Report Anatomy
Summary
Third-party Assessment
Introduction
Third-party Vendors
Evaluating Guidelines
Audit Reports
SSAE16
Audit Stages
Summary
Information Security Continuous Monitoring
Introduction
What Is ISCM?
ISCM Strategy
Defining Your ISCM Program Strategy
Establishing Your ISCM Program Strategy
Implementing Your ISCM Program Strategy
Analyzing Your ISCM Program Strategy
Respond to ISCM Findings
Review Your ISCM Program Strategy
Summary
Assessment and Testing Strategies
Course Introduction
Let us assume that your controls have been selected and implemented, your users have been educated, and everything seems to be in order. Even if this is the case, the odds are that there are still unknown risks in your environment, and if you want to be confident that your controls are working as intended, you will need to perform security and risk assessments. If you take a look at the CISSP exam outline, you will find that a CISSP candidate is expected to understand how to design and validate assessment and test strategies, conduct security control testing, collect security control data, analyze and report test outputs, and conduct or facilitate internal and third-party audits. The requirements just listed all stem from the very same need.
Let me give you a quick example of this. Depending on the size of the organization, there is a chance that many employees believe that all necessary security controls are already in place. Unfortunately, this is simply an assumption, and one that is often incorrect. As a security professional, you may need to provide your leadership with the assurance that your systems are secure, and to do that you will need to have effective and repeatable security testing and assessment processes in place. In this module and throughout the entire course, you are going to learn what this entails. Security testing will require that you leverage all of the information that you have learned in the other CISSP domains. When planning for testing and creating your test strategies, you may be required to work with product owners to build out procedures and processes that validate the effectiveness of security controls.
Now that you have a basic understanding of what (ISC)² expects a candidate to know in regards to security assessment and testing, let us go ahead and get started on the first topic of this course, assessment and testing strategies. This module attempts to cover the broad spectrum of security assessment and testing-related ideas, concepts, and terminology that are the foundation for any advanced security professional. This course module also reinforces your existing security assessment knowledge and will focus on the concepts necessary for adequately designing and validating security assessments. Now, although this course does not contain technological demonstrations, much of the information that will be shared should be immediately useful when you are planning for or even executing your security assessments.
You will learn why developing a strategy for security assessment and testing is important, what the different assessment types are, and what you should know in regards to resources and how they might impact your assessments. You will also learn about the overall security testing and assessment process so that you can be both effective and efficient when developing your strategies.
Ensuring Objectives Have Been Met
Information security assessment is an activity that is focused on assuring that security objectives have been met. This can be accomplished by testing your environment and validating that everything is working the way that you had originally planned when performing due diligence. This could include the security objectives that are driven by regulatory requirements, or it could be the items that are in your organizational policies. Security testing will ensure that your controls are working properly, and when they do not, it will help you to identify those areas