In this video, Marc Menninger shares his solution for the reviews he would conduct during the technical security assessment for a given scenario. Use this information to help you select the correct reviews in your next technical security assessment.
(upbeat music) … - [Instructor] You've been asked to find out … how exposed your organization is to data loss … due to human error on a set of database systems. … Now you need to pick the right review techniques … for this scenario. … Before I tell you the reviews I would pick, … here are some security controls I'd be looking for. … Does your organization require and enforce least privilege? … The fewer people who have access to the database servers, … the less chance there is for accidental data loss. … Who is authorized to access the databases … and database servers? … If you don't know who should access the data, … you can't enforce restrictions on those who shouldn't. … And how frequently are the databases being backed up? … Are backups adequate in the event of data loss? … So I'm going to pick the review techniques … that help answer these questions. … Let's step through the different reviews … and see which ones make the most sense to use. … Documentation review. … I would definitely use this review in this scenario. …
- Cite the three phases of external security assessments.
- Explain the reasons for conducting a log review.
- Explain what network sniffing is and why it’s used.
- Describe when to use a file integrity checking tool.
- Differentiate between active network discovery and passive network discovery.
- Explain how to scan for vulnerabilities.
- Relate the three techniques useful for validating target vulnerabilities.
- Explain the four-stage methodology of conducting penetration tests.
Skill Level Intermediate
1. Overview of Technical Security Assessments
2. Technical Security Assessment Reviews
3. Identify and Analyze Targets
4. Validate Target Vulnerabilities
5. Planning Technical Security Assessments
6. Executing the Technical Security Assessment
7. Post-Testing Activities
Report the results2m 16s
Next steps1m 32s
- Mark as unwatched
- Mark all as unwatched
Are you sure you want to mark all the videos in this course as unwatched?
This will not affect your course history, your reports, or your certificates of completion for this course.Cancel
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
1:30Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.