In an earlier CySA+ article, I mentioned that we would be delving into some of the subdomains of the four knowledge domains of the CySA+ certification exam. This article will detail one of the subdomains of Domain 1.0, Threat Management — Securing Corporate Environment.
Looking closer, this article will examine penetration testing, reverse-engineering, training exercises and risk evaluation. Most organizations run at least some form of corporate environment as part of their information security environment, which makes this subdomain relevant to most everybody working in information security. And, of course, studying it will help you earn a passing score on this section of the CySA+ certification exam.
It is the responsibility of cybersecurity analysts to perform ongoing monitoring of the effectiveness of an organization’s security controls. This obligation is fulfilled by penetration testing, where the cybersecurity analyst uses the information, tools and techniques that real attackers would use against the organization’s information security environment.
Penetration testing can be either external or internal and often varies in scope. The scope of the testing is determined by the pentesting rules of engagement (ROE). These ROEs are:
- Timing: Establishes what the testing day will be, as well as what hours the testing will occur
- Scope: The devices, networks and systems that should be included in the test
- Authorization: The formal written permission to perform the test
- Exploitation: Which exploits are attempted if vulnerabilities are found
- Communication: Communication between pentesters and organization stakeholders needs to be determined, including periodic reports and methods for urgent communication if needed
- Reporting: The reports that will be delivered and their set timelines need to be determined
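The timing, scope, authorization and exploitation items above can be encoded as a pre-flight check that a test team runs before touching a target. The following is an added example, not code from the original article; the class, field names, exploitation category labels and sample engagement values are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RulesOfEngagement:
    test_days: frozenset             # Timing: agreed calendar days
    start: time                      # Timing: daily window opens
    end: time                        # Timing: daily window closes
    scope: tuple                     # Scope: in-scope networks as CIDR strings
    authorization_ref: str           # Authorization: id of the signed permission ("" = none)
    allowed_exploitation: frozenset  # Exploitation: categories the organization approved


def violations(roe, target, when, action):
    """Return the ROE items an intended test action would break (empty list = allowed)."""
    found = []
    if not roe.authorization_ref:
        found.append("authorization")
    in_window = roe.start <= when.time() < roe.end
    if when.date() not in roe.test_days or not in_window:
        found.append("timing")
    addr = ip_address(target)
    if not any(addr in ip_network(net) for net in roe.scope):
        found.append("scope")
    if action not in roe.allowed_exploitation:
        found.append("exploitation")
    return found


# Constructed sample engagement (documentation address ranges, made-up reference id)
SAMPLE_ROE = RulesOfEngagement(
    test_days=frozenset({date(2024, 3, 9), date(2024, 3, 10)}),
    start=time(9, 0),
    end=time(17, 0),
    scope=("192.0.2.0/24", "198.51.100.0/28"),
    authorization_ref="AUTH-EXAMPLE-001",
    allowed_exploitation=frozenset({"non-destructive-poc"}),
)

if __name__ == "__main__":
    when = datetime(2024, 3, 9, 10, 30)
    print(violations(SAMPLE_ROE, "192.0.2.15", when, "non-destructive-poc"))
    print(violations(SAMPLE_ROE, "198.51.100.200", when, "denial-of-service"))
```

Communication and reporting are left out because they describe obligations between people rather than properties of a single test action.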
Cybersecurity analysts need to reverse-engineer software on occasion in order to gain a better understanding of malware. Hardware can also be reverse-engineered to locate security vulnerabilities. There (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/fcJyN5g4w6Q/