In addition to conducting regular audits and assessments, organizations should perform routine management of their own controls. In this video, learn about control testing procedures, managing exceptions to controls, building control remediation plans, and the use of compensating controls.
- [Narrator] In addition to conducting regular security audits and assessments, organizations should perform routine management of their own controls. Every security program should include control testing procedures, a process for managing exceptions to controls, the building of control remediation plans, and the use of compensating controls. Control testing should take place on a regular basis. While periodic audits and assessments do evaluate the effectiveness of security controls, these usually occur infrequently.
Organizations should supplement these more formal tests with routine and automated monitoring of security controls. For example, an automated review process might routinely check to see if new ports are opened on a firewall in an unexpected manner. You'll also find that there is an exception to every rule in the world of security. You should have a defined process in place to help team members understand how they may request an exception to a security control and who has the authority to approve such a request.
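The narrator's firewall example and the exception process can be combined into one automated control check. The script below is an added example, not code from the course or from LinkedIn Learning: it parses a simplified firewall rule export, compares the inbound TCP ports it allows against an approved baseline, and reports any port that is open without either a baseline entry or an unexpired, approved exception. The rule dump format, the baseline, the exception register fields (ticket, approver, expiry) and all sample values are constructed for the example; a real deployment would parse the export of the firewall actually in use.

```python
"""Automated control test: detect unapproved open firewall ports.

Added example (not from the course). Compares the inbound TCP ports a
firewall currently allows against an approved baseline plus a register of
time-boxed, approved exceptions, and reports drift in either direction.
The rule format, field names and sample data below are constructed.
"""
from dataclasses import dataclass
from datetime import date

# Constructed baseline: inbound TCP ports the change-approved ruleset allows.
APPROVED_BASELINE = {22, 443}


@dataclass(frozen=True)
class ControlException:
    """One approved exception to the 'no unapproved open ports' control."""
    port: int
    ticket: str        # reference to the approval record (constructed IDs)
    approved_by: str   # role with authority to approve exceptions
    expires: date      # exceptions are time-boxed; re-approval needed after this


# Constructed exception register.
EXCEPTIONS = [
    ControlException(8080, "SEC-1042", "ciso", date(2025, 12, 31)),
    ControlException(3389, "SEC-0917", "ciso", date(2024, 1, 31)),  # expired
]

# Constructed rule export, simplified to "ACTION PROTO PORT" per line.
RULE_DUMP = """\
ACCEPT tcp 22
ACCEPT tcp 443
ACCEPT tcp 8080
ACCEPT tcp 3389
ACCEPT tcp 4444
DROP tcp 23
"""


def parse_open_ports(dump: str) -> set[int]:
    """Return the set of TCP ports the dump allows inbound (ACCEPT rules only)."""
    ports: set[int] = set()
    for line in dump.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # ignore blank or malformed lines rather than failing the check
        action, proto, port = parts
        if action == "ACCEPT" and proto == "tcp" and port.isdigit():
            ports.add(int(port))
    return ports


def check_firewall_drift(dump: str, baseline: set[int],
                         exceptions: list[ControlException],
                         today: date) -> dict[str, list[int]]:
    """Classify drift between the live ruleset and the approved state.

    unapproved        : open, not in baseline, no exception on record
    expired_exception : open, exception exists but has passed its expiry
    missing_baseline  : in baseline but no longer open (control may have been removed)
    """
    open_ports = parse_open_ports(dump)
    by_port = {e.port: e for e in exceptions}
    result: dict[str, list[int]] = {
        "unapproved": [], "expired_exception": [], "missing_baseline": [],
    }
    for port in sorted(open_ports - baseline):
        exc = by_port.get(port)
        if exc is None:
            result["unapproved"].append(port)
        elif exc.expires < today:
            result["expired_exception"].append(port)
        # else: approved, unexpired exception; no finding
    result["missing_baseline"] = sorted(baseline - open_ports)
    return result


if __name__ == "__main__":
    findings = check_firewall_drift(RULE_DUMP, APPROVED_BASELINE, EXCEPTIONS, date.today())
    for category, ports in findings.items():
        for port in ports:
            print(f"{category}: tcp/{port}")
```

Each finding maps to a remediation action: an unapproved port is closed or routed through the exception request process, an expired exception is either re-approved by the authorised role or closed, and a missing baseline port signals that a control was removed without a change record. Running the check on a schedule (for example after every rule push) is the routine, automated monitoring the narrator describes, and the expiry date on each exception is what keeps "exceptions to every rule" from silently becoming permanent.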
Learn about security assessment and testing practices needed to prepare for the Certified Information Systems Security Professional (CISSP) exam. CISSP—the industry's gold standard certification—is necessary for many top jobs. This course helps you approach the exam with confidence by providing coverage of key topics, including threat assessment, log monitoring, and software testing. It also covers disaster recovery and security process assessment. Students who complete this course will be prepared to answer questions on the sixth CISSP exam domain: Security Assessment and Testing.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management