A test is a procedure that records some set of properties or behaviors in a system being tested and compares them against predetermined standards.
An assessment is a series of planned tests that are somehow related to each other.
An audit is a systematic assessment of significant importance to the organization that determines whether the system or process being audited satisfies some external standards.
The scope of the audit should be determined in coordination with business unit managers.
A key decision is whether the audit will be performed by an internal team or by a third party.
剩余内容请关注本人公众号debugeeker, 链接为CISSP考试指南笔记:6.1 评估、测试和审计策略