Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Certified Information Security Manager Exam Prep Guide

You're reading from   Certified Information Security Manager Exam Prep Guide Aligned with the latest edition of the CISM Review Manual to help you pass the exam with confidence

Arrow left icon
Product type Paperback
Published in Nov 2021
Publisher Packt
ISBN-13 9781801074100
Length 616 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Hemang Doshi Hemang Doshi
Author Profile Icon Hemang Doshi
Hemang Doshi
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Section 1: Information Security Governance
2. Chapter 1: Information Security Governance FREE CHAPTER 3. Chapter 2: Practical Aspects of Information Security Governance 4. Section 2: Information Risk Management
5. Chapter 3: Overview of Information Risk Management 6. Chapter 4: Practical Aspects of Information Risk Management 7. Chapter 5: Procedural Aspects of Information Risk Management 8. Section 3: Information Security Program Development Management
9. Chapter 6: Overview of Information Security Program Development Management 10. Chapter 7: Information Security Infrastructure and Architecture 11. Chapter 8: Practical Aspects of Information Security Program Development Management 12. Chapter 9: Information Security Monitoring Tools and Techniques 13. Section 4: Information Security Incident Management
14. Chapter 10: Overview of Information Security Incident Manager 15. Chapter 11: Practical Aspects of Information Security Incident Management 16. Other Books You May Enjoy

Penetration testing

In penetration testing, the tester uses the same techniques as used by hackers to gain access to critical systems/data. This helps the auditor to determine the security environment of the organization. Penetration testing helps to identify the risk relevant to the confidentiality, integrity, and availability of information systems. The objective of penetration testing is to verify the control environment of the organization and to take corrective action if a deficiency is noted. Penetration testing needs to be conducted only by a qualified and experienced professional.

Aspects to be covered within the scope of the test

From a risk perspective, the following aspects need to be covered within the scope of penetration testing:

  • Precise details of IP addresses need to be included in the scope of the audit. Details of the testing technique (SQL injection/DoS/DDoS/social engineering, and so on) should be provided.
  • The day and time of the attack (that...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at £16.99/month. Cancel anytime