The objectives of this course are to understand the process,
tools, risks and benefits of utilizing security assessment procedures and tools
to determine the current security posture of the organization, systems and/or applications.
This class will include demonstrations and class participation in the
performance of an assessment using open-source tools. We will analyze results
and perform validation to determine the actual risks. Focus will be on
providing information to the auditor for utilizing assessment results in an
audit, reviewing the assessment for accuracy and validation of findings.
1. Security Policy
2. Legal Issues
3. Testing – by Whom?
4. The Assessment Process - Overview
   a. Definitions
   b. Assessment Goals
   c. Information Gathering
   d. Architecture Review
   e. Data Flows
   f. Initial Risk Review
5. Assessment Tools
   a. Open Source
   b. Commercial
6. Vulnerability & Penetration Testing
   a. Target Selection
   b. Electronic assessments
      i. Tool Configuration
      ii. Infrastructure Testing
      iii. Systems Testing
      iv. Wireless testing
      v. Communication / Remote Access Testing
      vi. Applications Testing
   c. Results Validation
      i. Manual
      ii. Electronic
   d. Penetration Testing
      i. Risks
      ii. Tools and scripts
   e. Reporting and Analysis
7. Auditing by Assessment / Penetration
   a. Where do I start
   b. What do I do
   c. How do I know
   d. Findings – What is reality
8. Risk Reduction - Security Technologies Review