Performing a Technical Security Audit and Assessment

Discover a proven method for conducting thorough and effective technical information audits. Learn how to develop the testing methodology essential for technical security reviews.

Introduction

• Welcome
• What are technical security assessments?
• Who this course is for

1. Overview of Technical Security Assessments

• Develop a technical security assessment methodology
• Overview of technical security assessment techniques
• Select your testing viewpoint
• Challenge: Pick the right technical security assessment
• Solution: Pick the right technical security assessment

2. Technical Security Assessment Reviews

• Required skillsets
• Conduct documentation reviews
• Conduct log reviews
• Conduct ruleset reviews
• Conduct system configuration reviews
• Conduct network sniffing
• Network sniffing tool demo: Wireshark
• Conduct file integrity checking
• File integrity checking tool demo
• Challenge: Pick the right reviews
• Solution: Pick the right reviews

3. Identify and Analyze Targets

• Required skillsets
• Conduct network discovery
• Network discovery tool demo
• Challenge: Install and run Nmap
• Solution: Install and run Nmap
• Identify network ports and services
• Network ports and services discovery tool demo
• Scan for vulnerabilities
• Vulnerability scanning tool demo
• Scan wireless networks

4. Validate Target Vulnerabilities

• Required skillsets
• Crack passwords
• Challenge: Install and run a password cracker
• Solution: Install and run a password cracker
• Password cracking tool demo
• Conduct penetration tests
• Penetration testing tool demo
• Conduct social engineering

5. Planning Technical Security Assessments

• Develop a security assessment policy
• Prioritize and schedule the assessments
• Select and customize techniques
• Select the assessors
• Select the location
• Select tools and resources
• Develop the assessment plan
• Challenge: Write a security assessment methodology
• Solution: Write a security assessment methodology
• Legal considerations

6. Executing the Technical Security Assessment

• Coordinate the assessment
• Conduct the assessment
• Conduct the analysis
• Challenge: Categorize assessment findings
• Solution: Categorize assessment findings
• Data handling considerations

7. Post-Testing Activities

• Recommend mitigation solutions
• Challenge: Recommend mitigation solutions
• Solution: Recommend mitigation solutions
• Report the results
• Implement remediation and mitigation

Conclusion

• Next steps