From the course: Performing a Technical Security Audit and Assessment
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Develop a security assessment policy
From the course: Performing a Technical Security Audit and Assessment
Develop a security assessment policy
- A security assessment policy is a set of written rules, which requires an organization to conduct security assessments. The policy also provides the necessary details to ensure security assessments are conducted properly. You may have also heard it called some other things, such vulnerability assessment policy, risk assessment policy, or risk management policy. For the organization, a security assessment policy provides guidance for how assessments must be conducted, including how frequently they're conducted, which security standards, such as NIST SP 800-115, the organization should be complying with, which networks and systems are in scope for the assessments, and documentation and reporting requirements. For the assessor, the security assessment policy not only provides direction for conducting the assessment, it grants the necessary authority to the assessor to conduct the assessment. Security assessment policies should define roles and responsibilities, including who conducts…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
-
(Locked)
Develop a security assessment policy1m 43s
-
(Locked)
Prioritize and schedule the assessments3m 21s
-
(Locked)
Select and customize techniques3m 31s
-
(Locked)
Select the assessors3m 1s
-
(Locked)
Select the location3m 15s
-
(Locked)
Select tools and resources3m 19s
-
(Locked)
Develop the assessment plan2m 34s
-
(Locked)
Challenge: Write a security assessment methodology2m 8s
-
(Locked)
Solution: Write a security assessment methodology1m
-
(Locked)
Legal considerations1m 22s
-
(Locked)
-
-
-