In this video, Marc Menninger describes how to develop a security assessment policy. Learn how a security assessment policy provides direction for conducting the assessment. Discover the impacts of not having a written security assessment policy.
- A security assessment policy is a set of written rules,…which requires an organization…to conduct security assessments.…The policy also provides the necessary details…to ensure security assessments are conducted properly.…You may have also heard it called some other things,…such vulnerability assessment policy,…risk assessment policy,…or risk management policy.…For the organization,…a security assessment policy provides guidance…for how assessments must be conducted,…including how frequently they're conducted,…which security standards, such as NIST SP 800-115,…the organization should be complying with,…which networks and systems are in scope for the assessments,…and documentation and reporting requirements.…
For the assessor,…the security assessment policy not only provides direction…for conducting the assessment,…it grants the necessary authority to the assessor…to conduct the assessment.…Security assessment policies…should define roles and responsibilities,…including who conducts the assessments,…who receives the final report,…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.