Cybersecurity programs use a common set of tools to conduct threat assessments. In this video, learn about a variety of security assessment techniques including baseline reporting, code review, architecture reviews, and attack surface reviews.
- [Instructor] When you're ready to begin a security assessment program, where should you start? Let's take a look at four common ways to conduct a security assessment: baseline reporting, an attack surface review, code reviews, and architecture reviews. Baseline reporting is a great way to get started. Baseline reports provide you with an initial view of a system's security status. They are often performed against the organization's security configuration standard and are best presented as a gap analysis that shows the differences between the system's current configuration and the security baseline.
Administrators may then work to reconcile those differences and make security adjustments until the system matches the desired baseline state. There are tools to assist with this process. For Microsoft systems, the Microsoft Baseline Security Analyzer, or MBSA, produces gap analysis reports. Organizations adopting the Center for Internet Security configuration baselines may use the Center's configuration assessment tool, a Java-based utility that compares a system's current configuration to a security baseline.
Attack surface reviews work to identify what security professionals call the "attack surface" of a system. This simply means that they identify all possible means of attacking a server or service. Attack surface reviews make heavy use of scanners, including port scanners, vulnerability scanners, and application scanners. They adopt the mindset of an attacker, seeking possible ways to exploit a system. Code reviews are critical when an organization is involved in the creation of custom application code.
These reviews perform both automated and manual assessments of software security. Mature organizations integrate peer-based code review into their software promotion and release processes. They also use design reviews to vet development plans prior to creating code. IT systems are complex combinations of application servers, databases, networks, storage, and other resources. Sometimes the way these components fit together introduces security vulnerabilities.
Architecture reviews take a comprehensive look at system security from this high-level approach, analyzing how components interact and how those interactions may introduce confidentiality, integrity, and availability issues. Well-designed security programs include a variety of assessment techniques that overlap and complement each other. Using baseline reporting, attack surface reviews, code reviews, and architecture reviews provides the organization with good insight into its current security status.
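The gap analysis the instructor describes for baseline reporting, written out as an added example (not code from the course or from MBSA or the CIS tool): a constructed baseline of control ids with expected values and severities is compared against a constructed snapshot of one host's configuration, and each deviation, including a setting that is simply absent from the inventory, is reported as a gap.

```python
"""Baseline gap analysis: compare a host's current configuration against a
security configuration baseline and list the deviations to reconcile.
Added illustration; the baseline controls and the host snapshot are constructed."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed baseline: control id -> (setting name, expected value, severity)
BASELINE = {
    "AUTH-01": ("password_min_length", 14, "high"),
    "AUTH-02": ("account_lockout_threshold", 5, "medium"),
    "NET-01": ("smbv1_enabled", False, "high"),
    "LOG-01": ("audit_logon_events", "success,failure", "medium"),
    "SVC-01": ("telnet_service", "disabled", "high"),
}

@dataclass
class Gap:
    control: str
    setting: str
    expected: object
    actual: object  # None when the setting is missing from the snapshot
    severity: str

def gap_analysis(current: dict, baseline: dict = BASELINE) -> list[Gap]:
    """Return one Gap per baseline control the current configuration fails.
    A setting absent from the snapshot is a gap (actual=None) so that an
    incomplete inventory never reads as compliant."""
    gaps = []
    for control, (setting, expected, severity) in baseline.items():
        actual = current.get(setting)
        if actual != expected:
            gaps.append(Gap(control, setting, expected, actual, severity))
    return gaps

def compliance_ratio(current: dict, baseline: dict = BASELINE) -> float:
    """Fraction of baseline controls the host currently satisfies."""
    return 1 - len(gap_analysis(current, baseline)) / len(baseline)

# Constructed snapshot of one host's current configuration
HOST = {
    "password_min_length": 8,
    "account_lockout_threshold": 5,
    "smbv1_enabled": True,
    "audit_logon_events": "success,failure",
    # telnet_service is not in the inventory -> reported as a gap
}

if __name__ == "__main__":
    for g in gap_analysis(HOST):
        print(f"{g.control} [{g.severity}] {g.setting}: expected {g.expected!r}, found {g.actual!r}")
    print(f"compliance: {compliance_ratio(HOST):.0%}")
```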
The CompTIA Security+ exam is an excellent entry point for a career in information security. The latest version, SY0-501, expands coverage of cloud security, virtualization, and mobile security. This course prepares exam candidates for the critical Threats, Attacks, and Vulnerabilities domain of the exam. By learning about malware, networking and application security exploitations, and social engineering, you'll be prepared to answer questions from the exam—and strengthen your own organization's systems and defenses. Author Mike Chapple, an IT leader with over 15 years of experience, also covers the processes for discovering and mitigating threats and attacks, and conducting penetration testing and scanning for vulnerabilities. Visit certmike.com to join one of his free study groups.