5 April 2025
CISSP - Domain 6
by ogmini
Continuing our roll on CISSP study with Domain 6 today. Would you believe that there is more overlap with the CSSLP again? This domain seems to really focus on how you assess your security program and report on it.
Domain 6 - Security Assessment & Testing
- Validation (Is this the right thing?) vs Verification (Was it done right?)
- Software Testing
  - Testing Techniques
    - Manual vs Automated
    - SAST/DAST/Fuzzing
    - Blackbox vs Whitebox
    - Positive/Negative/Misuse
    - Equivalence Partitioning vs Boundary Value Analysis
- Vulnerability Assessment vs Pen Testing
  - Blue, Red, Purple Teams
- Vulnerability Management (Asset Inventory)
  - Vulnerability Scanning
- Logging
- KPI vs KRI
- Security Audits
  - SOC 1, SOC 2, SOC 3
    - Type 1 and Type 2
    - SOC 2, Type 2 are the most detailed
  - Audit Roles
    - Execs
    - Audit Committee
    - Security Officer
    - Compliance Manager
    - Internal Auditors
    - External Auditors
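The testing-technique bullets above (positive/negative/misuse tests, equivalence partitioning vs boundary value analysis) are easier to remember with a concrete case. The following is an added example, not code from the original post: it builds test cases both ways for a hypothetical age validator, then runs them against a correct implementation and a constructed off-by-one variant. The field name, the accepted range 18..65 and the buggy variant are all assumptions made up for the illustration.

```python
"""Equivalence partitioning vs boundary value analysis, applied to a
hypothetical input validator (added example; the validator, its range and
the defective variant are constructed for illustration)."""

from dataclasses import dataclass

MIN_AGE, MAX_AGE = 18, 65  # constructed range for the hypothetical field


def validate_age(value) -> bool:
    """Correct implementation: accept integers in [MIN_AGE, MAX_AGE]."""
    if isinstance(value, bool) or not isinstance(value, int):
        return False  # reject bools (int subclass) and non-integers outright
    return MIN_AGE <= value <= MAX_AGE


def validate_age_buggy(value) -> bool:
    """Constructed off-by-one defect: the upper boundary is rejected."""
    if isinstance(value, bool) or not isinstance(value, int):
        return False
    return MIN_AGE <= value < MAX_AGE


@dataclass(frozen=True)
class TestCase:
    name: str
    value: object
    expected: bool  # True = positive test, False = negative/misuse test


def equivalence_partition_cases() -> list[TestCase]:
    """One representative per partition: valid, too low, too high,
    wrong type, plus a misuse case (bool coerces to int in Python)."""
    return [
        TestCase("valid-midpoint", (MIN_AGE + MAX_AGE) // 2, True),
        TestCase("below-range", MIN_AGE - 10, False),
        TestCase("above-range", MAX_AGE + 10, False),
        TestCase("non-integer", "42", False),
        TestCase("misuse-bool-coercion", True, False),
    ]


def boundary_value_cases() -> list[TestCase]:
    """Values at and immediately around each edge of the valid range."""
    return [
        TestCase("min-1", MIN_AGE - 1, False),
        TestCase("min", MIN_AGE, True),
        TestCase("min+1", MIN_AGE + 1, True),
        TestCase("max-1", MAX_AGE - 1, True),
        TestCase("max", MAX_AGE, True),
        TestCase("max+1", MAX_AGE + 1, False),
    ]


def run_cases(validator, cases) -> list[str]:
    """Run every case through the validator; return the names that fail."""
    return [c.name for c in cases if validator(c.value) != c.expected]


if __name__ == "__main__":
    for label, fn in (("correct", validate_age), ("buggy", validate_age_buggy)):
        print(label, "EP failures: ", run_cases(fn, equivalence_partition_cases()))
        print(label, "BVA failures:", run_cases(fn, boundary_value_cases()))
```

Running it shows the point of the distinction: the partition representatives pass against both validators, because a midpoint value never touches the edge, while the boundary set catches the off-by-one at `max`. Partitioning keeps the suite small; boundary analysis is what finds the edge defects that matter for input validation.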
tags: certification