I'm preparing for the CCSP examine and am trying to wrap my mind around the concepts of "load testing" and "stress testing" within the context of security.
I think the difference here is that:
Load Testing is a measure of capacity, pure and simple. It focuses on the "A" (availability) and isn't concerned about the security implications of a failed state.
Stress Testing is focused on how the system system behaves after reaching a point of load saturation. For example, does the software/service fail in spectacular ways? Does it reveal sensitive errors (software versions, back-end infrastructure details, etc)?
Am I on the right track here?