From the course: Security Testing Essential Training
Selecting your methodology
- [Instructor] Which methodologies should you use when conducting a security assessment? There are a few methodologies you may want to consider depending on the nature of your specific assessment. When conducting a risk assessment, a great place to start is NIST's Special Publication 800-30 Revision 1: Guide for Conducting Risk Assessments. And while NIST tends to be more qualitative in its approach, the FAIR Institute's quantitative approach may be more to your liking. For a security controls assessment, the NIST Cybersecurity Framework contains a comprehensive control set built around a centralized governance function. Likewise, the ISO/IEC 27002:2022 version, Code of practice for information security controls, provides a comprehensive set of security controls that you might want to consider. And when it comes to compliance assessments, the specific dataset that you have in your environment often dictates which controls must be assessed, who should do the assessing, and how often…