Video Description

This lesson introduces methods of security control assessments and explains in detail the tasks associated with assessing the security controls in an information system. Upon completion of this unit, participants will be able to use one or more of the three methods of assessment to assess an information system's security controls. In addition, participants will be able to prepare or support the preparation of the security assessment report documenting the issues, findings and recommendations from the security control assessment. A security assessment plan consists of 6 steps:

  1. Develop Security assessment policy
  2. Prioritize and schedule assessment
  3. Select and customize testing techniques
  4. Determine logistics of assessment
  5. Develop the assessment plan
  6. Address legal considerations

Participants also learn about technical assessment tools and methods: 1. Log reviews

  1. File Integrity checkers
  2. Penetration Testing
  3. Vulnerability scanning
  4. Social Engineering
  5. Wireless scanning
  6. Network scanning and discovery
  7. Prior Assessment reports

Course Modules