lptv4 module 45 post testing actions
-
7/24/2019 LPTv4 Module 45 Post Testing Actions
ECSA/LPT
Module 45 Post Testing Actions
-
Prioritize Recommendations
Focus on high priority security concerns first.
Develop strategies to achieve short term and.
maintain a consistent level of information security.
EC-Council
Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
-
Develop Action Plan
action plan to:
Address the security concerns on time and systematically.
Reduce the misuse or threat of attacks on the organization.
-
Create Process for Minimizing
Create a configuration management process.
Create or use configuration checklists available from the product vendors and security organizations such as NIST and NSA.
-
Updates and Patches
Improve the level of control for the purchased software by checking for updates and patches from the vendors.
Create a policy for applying patches in a timely manner.
-
Capture Lessons Learned and Best
Create guidelines for best practices to be followed based on the recommendations of the pen test report.
Regular auditing of organization reduces.
-
Create Security Policies
Create security policies, such as:
Systems Security Policy.
Information Classification Policy.
Password Policy.
Strong Authentication Policy.
Virus Detection and Management Policy.
Encryption Policy.
Security Change Management Policy.
Remote Network Access Policy.
Firewall Security Policy.
-
Conduct Training
Conduct training for analyzing security posture of a network.
Technical security training programs for people managing information technology.
Training for application developers to develop secure code.
implemented, such as:
General security awareness for new employees in the organization.
Awareness program through e-learning.
-
Take Social Engineering Class
Social engineering is the human
network.
Provide training on social engineering to each and every employee.
-
Destroy the Pen-Test Report
After the completion of penetration testing and repairing all the vulnerabilities, destroy the pen-test report.
-
Summary
Decide on required and available resources to maintain a consistent level of information security.
Create or use configuration checklists available from product vendors and security organizations such as NIST and NSA.
Create policy for applying patches in a timely manner.