CISSP Domain 6 — Security Assessment and Testing

6.1 Design and Validate Assessment and Audit Strategies

Effective security assessment and audit strategies provide the necessary oversight to ensure that controls are functioning as intended across different environments and jurisdictions.

• » Internal (e.g., within organization control)
• » External (e.g., outside organization control)
• » Third-party (e.g., outside of enterprise control)
• » Location (e.g., on-premise, cloud, hybrid)