Summary
This chapter has covered foundational concepts in controlling, analyzing, auditing, and reporting the security process and test data. The preservation of security test data is essential in the event of audits and establishing audit trail. It is also used in demonstrating the effectiveness of implemented security control. Methods such as analyzing the security data and internal and third-party audits are conducted to provide evidence that the application of security policies and procedures are continuous and uniform.
Next is a review chapter that includes the content from chapters 11 to 14 in an exam cram format. References and further study for the four chapters are provided. A mock test consisting of about 10 questions is also provided.