Managing and Conducting an Effective Vulnerability Assessment

Vulnerability assessment is a critical security practice that helps identify and classify the security holes in a computer or network infrastructure. Enabling your network or security team to conduct regular, effective vulnerability assessments will allow your organization to evaluate the effectiveness of its existing controls and safeguards, reducing unnecessary spend and maintaining compliance with audit and regulatory requirements, such as HIPAA and PCI.

In this course, students will begin by learning how the VA team functions together to perform a good assessment. Students will learn how to develop a project plan, including scoping the most important requirements of the assessment and choosing the methodologies that will be used to test. When students complete this online training course, they will have the knowledge required to manage and conduct a network vulnerability assessment as part of the larger VA team. This course is valid for continuing education units toward CISSP re-certification.

Instructor: Mike Vasquez

Skills Learned

  • Understand how a Vulnerability Assessment team works together to perform a good assessment
  • Understand how to develop a project plan
  • Knowledge to conduct a Network Vulnerability Assessment
  • Knowledge of how to choose the best methodology to use for testing

Who Should Attend This Course

Network Admins, Security team members, risk managers, and IT directors

Prerequisites

None, but we recommend that students have a working knowledge of logical and physical network architectures, networking components, TCP/IP, and basic project management skills.

Course Outline

  • The Tools & the Team – Functional testing vs. policy/procedure review
  • Elements of a Good Vulnerability Assessment
  • Developing a Project Plan
  • Assessing the Biggest Needs
  • Which Methodology?
  • Vulnerability and Security Attack Types
  • Conducting the Assessment
  • Communication Plan
  • Change Management
  • Using a vulnerability scanner
  • Reviewing the Results
  • False Positives
  • Remediation Plans
  • Reporting: Executive and Technical