From the course: Performing a Technical Security Audit and Assessment

Unlock the full course today

Join today to access over 24,800 courses taught by industry experts.

Select and customize techniques

Select and customize techniques

From the course: Performing a Technical Security Audit and Assessment

Start my 1-month free trial Buy for my team

Select and customize techniques

- [Instructor] An important part of planning technical security assessments is selecting and customizing which testing techniques will be used. The objectives of the assessment will heavily influence technique selection. For example, assessing systems for vulnerabilities differs from conducting a PCI compliance audit. Assessments can be approached from various viewpoints. For instance, social engineering is a more appropriate technique for a covert assessment, and log reviews are often part of overt tests. Resource availability, such as time and funding, also plays a role. If resources are limited, quick vulnerability scans make more sense than expensive, time-consuming penetration tests. Finally, the risk to the target could drive technique selection. Less intrusive methods, like security configuration reviews, may be preferred over more invasive techniques, like penetration tests, to avoid potential service disruptions. Let's look at two testing scenarios to determine the most…

Contents