In this video, Marc Menninger describes how to prioritize and schedule technical security assessments. Learn how systems can be prioritized based on various factors. Discover how much good planning can contribute to the success of a security assessment.
- Like any project, security assessments…have specific business objectives to achieve,…in this case, testing the security of all targets…within the defined scope.…However, there are always constraints that the assessor…must work within including time, budget,…and resource limitations.…Adequate planning can make the difference…between a successful security assessment…and one that fails to achieve its objectives.…Before planning can begin, the objectives…of the assessment must be defined.…
For instance, the objectives of a regular quarterly…security assessment will probably be much different…than an assessment to measure compliance…with the ISO/IEC 27001 security standard.…Also the scope of the assessment must be defined up front.…Whether the scope is all systems in the organization…or a subset of the systems, it should be clearly defined…to prevent scope creep which can drag out the assessment.…The systems in scope should be prioritized to ensure…resources are directed at the most important systems first.…
This ensures that if the project runs out of time,…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.