In Part 1, we covered the CISSP Domain 6 topics related to designing and validating assessment & audit strategies and conducting control testing. We defined core concepts, including what a security test and an audit are, which types of testing fall under an organization’s control, and what a vulnerability management program is designed to accomplish.

In Part 2, we continue exploring data collection, analyzing test results, reporting, and conducting various types of security audits. Let’s dive into the domain and cover the material by continuing to follow the ISC2 exam outline.