Join Marc Menninger for an in-depth discussion in this video What are technical security assessments?, part of Performing a Technical Security Audit and Assessment.
- The purpose of technical security assessments is to determine the security posture of a system, network, or organization. In addition, a successful technical security assessment identifies security gaps and recommends remediation steps to make the organization more secure. Technical security assessments follow a consistent methodology, which I describe in another video in chapter one. Technical security assessments can be used to find security weaknesses and technical vulnerabilities, as well as determine compliance with internal and external security standards or benchmarks, such as PCI or ISO/IEC 27001.
Technical security assessments are not a substitute for security. These assessments should be conducted after security controls are implemented to measure the security status. Security assessments are most effective when conducted periodically, whether that's quarterly, semi-annually, or annually. Conducting security assessments regularly should be part of a well-managed organizational security program. If done properly, security assessments will give you a valuable insight into your organization's current security posture periodically.
In addition, doing these assessments on a regular basis allows you to compare multiple results to identify trends and determine if security gaps are being remediated in a timely manner. In summary, a well-run security assessment is one of the best ways to understand the current state of your organization's security.
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.