Time
35 hours 10 minutes
Difficulty
Advanced
CEU/CPE
8

Video Transcription

00:01
Hello and welcome to Siberia's Con Tia, certified of the insecurity practice ners certification papers. Of course,
00:10
this is Martin. I'm a nine, which is titled Scared. Any monitoring?
00:14
Here are our objectives, which encompasses marginal manana.
00:18
Let's not turn our attention toward a discussion of the very first item, which is called Performed security assessment Activities.
00:27
Now let's take a look at an object. This and the order was to be covered during this particular
00:32
presentation.
00:33
Participate in security, testing, evaluation and lastly interpretation and reporting of scanning and testing results.
00:41
Perhaps the best place begin by taking a look at a pre assessment course then, and the question is as follows. In fact, it's a true or false questions. And if statement is testing is the process of exercises Pacific security objectives under specific condition to compare actual and expected behaviors?
01:02
If you say let the chew. This is absolutely true. Statement and regards to testing, in fact, is the process off exercising specific security objectives on the specific condition to compare actual and expected behaviors.
01:18
The first item on our agenda is every security audits and testing and impress. Acute audit, obviously, is a systematic,
01:26
marriageable security audit off how the odors a security policy is employed. Testing, in fact, is the process of exercise of the civic security objectives under specific or specify condition to compare actually inspected behavior. Miniter Testament methods are discussed doing an audit.
01:44
An infrared security audit can be internal or perhaps could be external and consists of preparation. Scheduling, evaluation over should perform the audit, and you have a formal response. In other words, a report.
01:57
A vulnerable assessment is a risk management process used to identify, quantify and rink possible vulnerability to threats in a given system. It's not isolated to a single field and has applied to system across different industry, such as your I T systems engine, other utility systems, transportation
02:16
as well as your communications systems. The key component of a vulnerable assessment is a proper
02:23
definition for impact loss rating and the system vulnerable to that specific threat.
02:29
Impact laws differ per system, for example, and an excess air traffic control tower may consider a few minutes of downtime as a serious impact loss. While for local government office, those few minutes of impact loss may be negligible.
02:46
Finalists Cannon is a security technique used identify security of weaknesses in a computer system.
02:53
Bonus cannons can be used by individuals or network administrators for security purposes or could be used by hackers. Attempted ***. Unauthorized access to computer systems. A venomous scan. It is a computer system. Programmed design is assessed. Computers access computers, computer systems. Networks are application
03:13
four, obviously weaknesses.
03:16
Then we come to penetration tests. A pen tests or penetration test is an attempt to evaluate the security of a nightie infrastructure by safely trying to explore vulnerabilities. Other words were speaking about weaknesses. These bone abilities may exist in operating system service's application flaws,
03:36
improper configuration or risk in use of behavior.
03:39
Such assessment can also be useful, invalidating the again obviously, the efficiency or effectiveness of your defensive mechanism as what it's in use as here. It's to the various security policies that you have in place.
03:53
Ape interesting tests typically performed using manual automated technologies to systematically compromise service in points Web applications. While it's network's network devices, mobile devices and other potential points of exposure,
04:08
once vulnerable is have been successful exploded on a particular system test is the attempt to use the compromise system tau launch the prince your exploits at other internal resource is, but simply by trying to incrementally achieve high levels of security clearance and deeper access to electronic assets. And it may should be of what we call
04:27
privilege escalation.
04:29
Obviously, there's a benefits when you engage in what we call penetrates and testing. First of all,
04:34
you're able to intelligent manager bon ability. You can avoid the cost of network downtime. You can meet regulatory requirements and avoid fines you can also prefer deserve the actual corporate image as well as your customers lore. Laurenti as well
04:51
as you can see obtaining a Pinterest and testing software or hiring a pen tester to test your network, is a proactive effort or protecting your network and Venice from risk. Before the attack or security breach occur, the printers and tested shipping performed on a regular basis. To ensure consistency,
05:11
a pen tester will reveal how newly discovered threats are emerging. Volunteers may potentially be actually utilize or at here to buy
05:19
Attackers. In addition to regulate schedule, analysis and assessment required by regulatory mandates test you also run whatever. For example, when you have a new infrastructural application at it, when you have significant upgrades or modifications. New office locations or establish security patches
05:40
or applied
05:41
and in use of policies have been modified.
05:45
This place is to oppose assessment question,
05:47
and the question is as follows in fact, is a true and false question.
05:51
Varma Scanner is a security technique used Identify security witnesses in the computer system.
05:59
If you say let the truth, that's absolutely correct, because bonus can. It is, in fact, a security technique used. Identify security weaknesses in the computer system.
06:10
Doing this particular presentation, We particularly highlighted participates and executed testing and evaluation as well as interpretation and reporting off scanning and testing results.
06:19
In our upcoming video, we've taken a look at operate and maintain Martin Systems. Look forward to seeing, you know, very Lexx video.

Up Next

CompTIA CASP+

In this CASP+ certification course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam!

Instructed By

Instructor Profile Image
Jim Hollis
Independent Contractor
Instructor