This course follows a proven methodology for conducting thorough and effective technical information security audits and assessments. Learn how to develop the testing methodology essential for technical security reviews.
- You may think your organization's computer network is secure but how do you know for sure? How do you find out if security weaknesses exist in your network? And if you find any, will you know what to do to fix them? Hi, my name's Marc Menninger and I'd like to welcome you to Performing Technical Security Audits and Assessments. If you need to understand the current state of your network security and exactly which steps you need to take to secure it, then this is the course for you. In this course, I'll cover how to plan and conduct technical security assessments, analyze the results, and develop mitigation strategies.
I'll also demonstrate actual testing techniques to show you ways you can measure the security of your systems and networks. This course isn't a comprehensive encyclopedia of everything related to technical security assessments but rather a high level overview of the key elements one would expect to find in a thorough, well planned, and well executed security assessment. This course is based on the recommendations of special publication 800-115 from the National Institute of Standards and Technology, or NIST.
If you use this course to develop your security assessment program, you'll be able to say with confidence that your program is based on an internationally recognized security standard. I suggest reading the free download of NIST special publication 800-115 for additional information that I may not cover. A few words about terminology. In this course I may use the words security audit, security assessment, and security test interchangeably although they technically have different meanings.
The methodologies and techniques I cover in this course can be used whether you plan to conduct a security audit, test, or assessment. So, let's get started.
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.