In this video, learn about a variety of security assessment techniques, including baseline reporting, code review, architecture reviews, and attack surface reviews.
- [Instructor] When you're ready to begin…a security assessment program,…where should you start?…Let's take a look at four common ways…to conduct a security assessment:…baseline reporting, an attack surface review,…code reviews, and architecture reviews.…Baseline reporting is a great way to get started.…Baseline reports provide you with an initial view…of a system's security status.…They are often performed against…the organization's security configuration standard,…and are best presented as a gap analysis…that shows the differences between…the system's current configuration…and the security baseline.…
Administrators may then work to reconcile those differences…and make security adjustments until the system…matches the desired baseline state.…There are tools to assist with this process.…For Microsoft systems,…the Microsoft Baseline Security Analyzer, or MBSA,…produces gap analysis reports.…Organizations adopting the Center for Internet Security…configuration baselines may use the Center's…configuration assessment tool, a Java-based utility…
- Risk management actions
- Ongoing risk management
- Risk management frameworks
- Scanning for threats and vulnerabilities
- Advanced vulnerability scanning
- Monitoring log files
- Code review and code tests
- Test coverage analysis
Skill Level Intermediate
Q: This course was updated on 05/18/2018. What changed?
A: New videos were added that cover identifying threats, understanding attacks, technology and process remediation, remediating vulnerabilities, and security monitoring. In addition, the following topics were updated: risk management and monitoring log files.
IT Security Careers and Certifications: First Stepswith Marc Menninger2h 6m Appropriate for all
IT Security Foundations: Core Conceptswith Lisa Bock1h 13m Beginner
Insights from a Cybersecurity Professionalwith Mike Chapple32m 15s Appropriate for all
Welcome Updated1m 26s
1. Risk Management
2. Threat Modeling
3. Threat Assessment
4. Remediating Vulnerabilites
5. Security Monitoring
6. Software Testing
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.