From the course: Performing a Technical Security Audit and Assessment


Develop a security assessment policy

- A security assessment policy is a set of written rules, which requires an organization to conduct security assessments. The policy also provides the necessary details to ensure security assessments are conducted properly. You may have also heard it called some other things, such as vulnerability assessment policy, risk assessment policy, or risk management policy. For the organization, a security assessment policy provides guidance for how assessments must be conducted, including how frequently they're conducted, which security standards, such as NIST SP 800-115, the organization should be complying with, which networks and systems are in scope for the assessments, and documentation and reporting requirements. For the assessor, the security assessment policy not only provides direction for conducting the assessment, it grants the necessary authority to the assessor to conduct the assessment. Security assessment policies should define roles and responsibilities, including who conducts…
