From the course: Performing a Technical Security Audit and Assessment

Unlock this course with a free trial

Join today to access over 25,300 courses taught by industry experts.

Prioritize and schedule the assessments

Prioritize and schedule the assessments

From the course: Performing a Technical Security Audit and Assessment

Start my 1-month free trial Buy for my team

Prioritize and schedule the assessments

- [Narrator] Security assessments, like any project, aim to achieve specific business objectives. In this case, they test the security of a specified set of systems. As with any project assessors face time, budget, and resource constraints. Adequate planning is crucial for ensuring a successful assessment. During the planning phase, organizations need to determine the systems that will be in scope for technical security assessments and establish the frequency of these assessments. Systems can be prioritized based on assigned system impact ratings by the organizations such as high, medium, and low. With high impact systems receiving higher priority and the last assessment date. Overdue systems are given higher priority. Compliance requirements such as annual assessments under FISMA may drive assessment frequency. However, organizations may choose more frequent assessments for better security oversight. Since assessments are only snapshots of security status, other factors that may…

Contents