CISM - Information Security Program - Section 3.8
Test and evaluate information security controls to verify that they operate as intended.
Test and evaluate information security controls through audits, control testing, and penetration testing to verify that each control operates as intended. Interpret effectiveness evaluation results to identify controls that are designed correctly but fail operationally, and distinguish these from controls that require redesign.
Control testing, Audit, Penetration testing, Effectiveness evaluation
Examworthy is not affiliated with or endorsed by ISACA. Original, blueprint-aligned practice material only.