Security Assessment Goals Transcription

Welcome to our security assessment program module. It is important that you evaluate your assets and your infrastructure by effectively combining different tools and techniques to create a point-in-time assessment of your environment. This will help you to identify and mitigate or reduce your risks.

These risks could include anything new or that needs to be changed in your environment, architectural issues, or design flaws caused by poor planning; configuration errors on your systems, software development or coding errors, errors in documentation, or failure to follow your policies and procedures; unpatched software vulnerabilities or hardware vulnerabilities; failure to train your staff, or the inability to overcome social engineering attacks, failing to maintain a secure baseline, and any other weaknesses that may exist that need to be addressed in your organization.

The first step is to establish an information security assessment policy. You will not be able to conduct the assessment if you do not have this policy in place. This policy should define the scope and requirements for executing the assessments, and also provide for accountability for those that should be verifying that the requirements are met.

The second step is to create or evaluate strategies for the acquisition and development programs, and test both for function and security. Then you should monitor your tests and evaluation processes. Next you should evaluate the test plans and procedures for operational testing. And finally, include your test and evaluation concerns in your requirements and design analysis.

It is important to audit your access controls to make sure that they are working effectively. You need to make sure that you're controlling access to your network. However, no one control or defense will be enough to accomplish this. You will need both physical and logical security controls, and you also need to make sure that you're maintaining the availability of resources for your authorized users.

Obviously, the best action would be to prevent an attack from ever occurring. However, you'll have to combat nature, outside threats, and inside threats, so it may not be possible to prevent all types of attacks. You should use a combination of effective logical and physical controls, hardening your systems, placing AAA servers, or authentication, authorization, and accounting servers, to make sure that only authorized individuals are accessing your resources.

Encryption technology to protect data on your systems that could be stolen, or data that's being transmitted across your network. Firewalls and intrusion prevention systems, and logging will all help you to accomplish this goal of preventing attacks. However, you will not be able to prevent all attacks, so when an attack does occur, it is critical that you detect it rapidly.

You must be monitoring to make sure that your users are accountable for their actions. And you should have intrusion detection and prevention systems to notify you that an incident has occurred so that you can respond to it rapidly. You should have advanced planning in place to make sure that you can effectively and quickly respond to any incidents or possible security breaches.

You should make sure that you're testing your controls regularly and auditing them to make sure that they are functioning properly. It is important to perform assessments and testing because it is a good responsible approach to overall security. It shows that you have good governance and that you've taken due care by being careful in putting the controls in place, but that you've also taken due diligence by taking additional steps to test those controls to make sure that they are functioning properly.

Assessors or auditors will strive for mutual understanding and will help you to find out if your security awareness is not in place, if your policies are either not being enforced or are not updated, if your employees are not following your procedures, if you have any disjointed or siloed operations between your departments, and if you have any systems that are not being patched properly or are not meeting your required baselines.

For the CISSP examination, you should remember the difference between due care, being careful and doing what any other reasonable person would do, and due diligence, where you're taking extra appropriate steps to make sure that your systems are secured properly.

This concludes our security assessment program module. Thank you for watching.
