CISSP Domain 6 — Security Assessment and Testing

Real User Monitoring or RUM captures all transactions of all users of a website or application. Also called End-User Experience Monitoring.

Synthetic Performance Monitoring or Proactive Monitoring uses external agents running scripted transactions. It's meant to simulate typical users.

Website Monitoring uses simulated transactions to perform HTTP requests to test availability and performance. These can specialize in database transactions or TCP port availability.

Dynamic versus Static Testing

Dynamic testing runs the system under test.

Static testing analyzes the system without running it.


Key Performance Indicators or KPI are about past events.

Key Risk Indicators or KRI are about the possibility or probability of risk in the future.

DR vs BC

Business Continuity tries to prevent the outage, or mitigate impact.

Disaster Recovery tries to rapidly return to a pre-disaster state.

SOC (formerly SAS 70, now SSAE) = auditing reports

Type 1 evaluates the design.

Type 2 evaluates the design and effectiveness.