Unit 5 Technical Assessment Questions
1. Explain how you would approach organizing your security assessment project plan.
- Start by clearly defining the objectives and goals of the security assessment. What are you trying to achieve? What are the specific security concerns or areas you want to assess?
- Determine who the key stakeholders are for the assessment. This may include senior management, IT staff, compliance officers, legal counsel, and external auditors.
- Establish a project team.
- Clearly define the scope and boundaries of the assessment. What systems, applications, and data will be included? Are there any specific exclusions?
- Conduct a risk assessment.
- Select assessment methodologies.
- Define assessment criteria.
- Develop a project plan.
- Develop a plan for collecting and analyzing relevant data, including network configurations, system logs, and security policies.
- Assessment execution.
- Remediation planning.
- Reporting and documentation.
- Communication and training.
- Ensure that all assessment documentation and records are properly maintained for compliance and auditing purposes.
- Conduct a post-assessment review to identify lessons learned and areas for improvement in future assessments.
2. What will you review and assess in the User Domain as part of this security assessment?