In this video, learn about a variety of security assessment techniques including baseline reporting, code review, architecture reviews, and attack surface reviews.
- [Narrator] When you're ready to begin a security assessment program, where should you start? Let's take a look at four common ways to conduct a security assessment: baseline reporting, an attack surface review, code reviews, and architecture reviews. Baseline reporting is a great way to get started. Baseline reports provide you with an initial view of the system's security status. They are often performed against the organization's security configuration standard and are best presented as a gap analysis that shows the differences between the system's current configuration and the security baseline.
Administrators may then work to reconcile those differences and make security adjustments until the system matches the desired baseline state. There are tools to assist with this process. For Microsoft systems, the Microsoft Baseline Security Analyzer, or MBSA, produces gap analysis reports. Organizations adopting the Center for Internet Security configuration baselines may use the center's configuration assessment tool,…
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
Note: This course is part of a series releasing throughout 2018. A completed Learning Path of the series will be available once all the courses are released.
- Using security assessment tools
- Scanning for vulnerabilities
- Threat assessment techniques
- Performing penetration testing
- Reviewing monitor logs
- Performing code reviews
- Performing fuzz testing and misuse case testing
- Analyzing coverage
- Assessing disaster recovery sites and backups
- Testing BC/DR plans
- Collecting security process data and metrics
- Auditing and control management