Video Description

In this section of Operations Security, we discuss security vulnerability assessments, where the goal is to identify vulnerabilities, and explain how they differ from penetration testing, where the goal is to identify and replicate vulnerabilities and then develop security enhancement strategies. We also explain why vulnerability assessments are less intrusive than pen testing. We clarify why penetration testing is called "ethical hacking" and what that means, the types of knowledge-based testing ethical hackers perform, and the scope of what each testing type reveals. You'll learn about the various attack methodologies a hacker would use and the information gained from each. For example, we discuss types of reconnaissance, footprinting techniques, what fingerprinting is, how it works and why it differs from footprinting, how this information reveals which areas of the system have a vulnerability, and finally how that assessment is used to craft a hidden attack.

Next we explore testing guidelines and define the reasons why we test. You'll learn what is involved in developing a cohesive security testing program and why it should be treated as a living organism rather than a one-time, static event.

We then close out this Operations Security lesson with Penetration Testing Goals and Issues, looking at the purpose of the pen test and its required actions, as well as some of the policy and environmental issues related to pen testing. For example, we cover the three main rules required for a successful pen test event and why buy-in, plus parameters set by senior management, is essential. We look at the adverse events a pen testing session can trigger, such as disruption of productivity and systems, and how important it is to determine safeguards against any adverse event the pen test could cause. We reinforce the importance of roles and responsibilities and review that the types of penetration test are physical, administrative and logical.

And finally we talk about Rules of Engagement: what they are and when they should be separate, stand-alone documentation.
