From the course: Performing a Technical Security Audit and Assessment
Unlock the full course today
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Prioritize and schedule the assessments
From the course: Performing a Technical Security Audit and Assessment
Prioritize and schedule the assessments
- Like any project, security assessments have specific business objectives to achieve, in this case, testing the security of all targets within the defined scope. However, there are always constraints that the assessor must work within including time, budget, and resource limitations. Adequate planning can make the difference between a successful security assessment and one that fails to achieve its objectives. Before planning can begin, the objectives of the assessment must be defined. For instance, the objectives of a regular quarterly security assessment will probably be much different than an assessment to measure compliance with the ISO/IEC 27001 security standard. Also the scope of the assessment must be defined up front. Whether the scope is all systems in the organization or a subset of the systems, it should be clearly defined to prevent scope creep which can drag out the assessment. The systems in scope should be prioritized to ensure resources are directed at the most…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
-
-
(Locked)
Develop a security assessment policy1m 43s
-
(Locked)
Prioritize and schedule the assessments3m 21s
-
(Locked)
Select and customize techniques3m 31s
-
(Locked)
Select the assessors3m 1s
-
(Locked)
Select the location3m 15s
-
(Locked)
Select tools and resources3m 19s
-
(Locked)
Develop the assessment plan2m 34s
-
(Locked)
Challenge: Write a security assessment methodology2m 8s
-
(Locked)
Solution: Write a security assessment methodology1m
-
(Locked)
Legal considerations1m 22s
-
(Locked)
-
-
-