From the course: Security Testing Essential Training (2022)

Selecting your methodology

- [Instructor] Here are a few methodologies you may want to consider depending on the nature of your assessment. When conducting a risk assessment, a great place to start is NIST Special Publication 800-30 Rev 1, Guide for Conducting Risk Assessments. While this tends to be more qualitative in its approach, the FAIR Institute's quantitative approach may be more to your organization's liking. For security controls assessments, NIST Special Publication 800-53 Rev 5, Security and Privacy Controls for Federal Information Systems and Organizations, contains an extensive set of security controls, along with considerable detail regarding each individual control. Likewise, ISO 27002, the 2022 version, Code of practice for information security controls, provides a comprehensive set of security controls that you may want to consider. And when it comes to compliance assessments, the specific data set often dictates which…
