TIM-8301 V4

Warsinske, J., Graff, M., Henry, K., Hoover, C., Malisow, B., Murphy, S., Oakes, C.P., Pajari, G., Parker, J.T., Seidl, D., & Vasquez, M. (2019). The official (ISC) 2 guide to the CISSP CBK Reference (5th ed.). Wiley.
Read Chapter 6 - Domain 6: Security Assessment and Testing.
This chapter details specific tasks performed by the organization to mitigate risk. Specifically, security assessments, risk assessments, and security auditing processes are discussed.

National Institute of Standards and Technology. (2014, March 2). Assessing security and privacy controls in federal information systems and organizations: Building effective assessment plans. NIST.
This publication provides a set of procedures for conducting assessments of security controls and privacy controls employed within federal information systems and organizations. Chapters 1-3, pages 1-26 are recommended for this assignment. Optional: Appendices with specific examples.

National Institute of Standards and Technology. (2008, September). Technical guide to information security testing and assessment. NIST.
This publication provides information on planning and conducting technical information security tests and examinations, analyzing findings, and developing mitigation strategies.