In this video, Marc Menninger shows you how to categorize assessment findings using control families defined in NIST SP 800-53. Discover that categorizing assessment findings can give some organization to the vulnerabilities found which helps during the remediation process.
(upbeat music) … - [Narrator] Let's review how to use … the NIST control families to categorize … the four common assessment findings I gave you … in the previous video. … Our first finding is missing security patches. … You should've picked systems and information integrity … as the matching control family. … The specific control in that control family defined by NIST … is SI-2, Flaw Remediation. … On the details page for that control … it says install security relevant software … and firmware updates. … So systems and information integrity is the correct category … for this assessment finding. … The next finding is users have not received … security awareness training. … This one was pretty easy because the correct control family … has the answer in the name, awareness and training. … The specific control in that control family defined by NIST … is AT-1, Security Awareness and Training … Policy and Procedures. … On the details page for that control, … it says procedures to facilitate the implementation …
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.