From the course: CISSP Cert Prep (2021): 6 Security Assessment and Testing

Control management

- [Instructor] In addition to conducting regular audits and assessments, organizations should perform routine management of their own controls. Every security program should include control testing procedures, a process for managing exceptions to controls, the building of control remediation plans, and the use of compensating controls. Control testing should take place on a regular basis. While periodic audits and assessments do evaluate the effectiveness of security controls, these usually occur relatively infrequently. Organizations should supplement these more formal tests with routine and automated monitoring of security controls. For example, an automated review process might routinely check to see if new ports are opened on a firewall in an unexpected manner. You'll also find that there is an exception to every rule in the world of security. You should have a defined process in place to help team members understand…
