In this video, Marc Menninger describes how assessors should recommend mitigation solutions for each finding after testing and analysis is complete. Learn why it's important to include root causes of vulnerabilities when recommending mitigation solutions.
- After testing and analysis are completed,…the assessors should recommend mitigation solutions…for each finding.…Ideally, they would have gathered information about…how to remediate the vulnerabilities they found,…as they conducted the assessment.…However, if the solutions for some vulnerabilities…are still unknown, now is the time to research them.…Assessors can use their experience from conducting…previous security assessments, as well as implementing…security fixes themselves, to suggest how the organization…should address their vulnerabilities.…
Remember that it's helpful to include the root causes…identified in the analysis stage of the assessment…with the mitigation solutions.…This way, the organization can understand not just…how to fix the vulnerabilities, but why they exist.…This might help the organization prevent similar…vulnerabilities from appearing in the future.…Not all recommendations will be technical.…While some remediation suggestions will likely be…to implement configuration changes, or apply patches,…
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.