From the course: Performing a Technical Security Audit and Assessment

Unlock the full course today

Join today to access over 24,800 courses taught by industry experts.

Conduct documentation reviews

Conduct documentation reviews

From the course: Performing a Technical Security Audit and Assessment

Start my 1-month free trial Buy for my team

Conduct documentation reviews

- [Narrator] The purpose of documentation reviews is to determine if security documents are current, accurate, and complete. Although this step in the security assessment process may not be as captivating as technical testing techniques, it's fundamentally important. Security documentation is the foundation of a good security program. Poorly written documentation or missing documentation could indicate inadequate security controls. When starting a security assessment, one of your first requests should be for all relevant documentation. Delayed delivery of documentation may suggest it's not readily available to IT or security staff who need it the most. The documentation you request may include security policies, standards, processes and procedures, system security plans and configuration instructions, network architectures and diagrams, incident response plans, and evidence of third party testing or certifications. Assessors can measure an organization's documentation, compliance with…

Contents