CISSP Domain 6 — Security Assessment and Testing

6.5 Conduct or Facilitate Security Audits

Audits are independent reviews used to verify that an organization is following its policies and meeting regulatory requirements. Facilitating an audit requires coordination between technical teams and auditors across various deployment models.

» Internal (e.g., within organization control)
» External (e.g., outside organization control)
» Third-party (e.g., outside of enterprise control)
» Location (e.g., on-premises, cloud, hybrid)