Start free trial Sign in

From the course: Performing a Technical Security Audit and Assessment

Unlock the full course today

Join today to access over 22,600 courses taught by industry experts or purchase this course individually.

Prioritize and schedule the assessments

Prioritize and schedule the assessments

From the course: Performing a Technical Security Audit and Assessment

Start my 1-month free trial

Prioritize and schedule the assessments

“

- Like any project, security assessments have specific business objectives to achieve, in this case, testing the security of all targets within the defined scope. However, there are always constraints that the assessor must work within including time, budget, and resource limitations. Adequate planning can make the difference between a successful security assessment and one that fails to achieve its objectives. Before planning can begin, the objectives of the assessment must be defined. For instance, the objectives of a regular quarterly security assessment will probably be much different than an assessment to measure compliance with the ISO/IEC 27001 security standard. Also the scope of the assessment must be defined up front. Whether the scope is all systems in the organization or a subset of the systems, it should be clearly defined to prevent scope creep which can drag out the assessment. The systems in scope should be prioritized to ensure resources are directed at the most…

Contents

- (Locked)
  
  Next steps
  
  1m 32s