
ECSA/LPT

EC-Council

Module XLV
Post Testing Actions

Prioritize Recommendations

Focus on high-priority security concerns first.

Develop strategies to achieve short-term and long-term security postures.

Decide on the required and available resources to maintain a consistent level of information security.

EC-Council

Copyright by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

Develop Action Plan


Organizations should develop an action plan to:

Address the security concerns on time and systematically.
Reduce the misuse or threat of attacks on the organization.
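The prioritization and action-plan steps above can be made concrete with a small triage script. The following is an added example written for this page (it is not EC-Council material): it scores each finding from the report by severity weighted with asset criticality and network exposure, assigns an SLA tier and a due date, and separates short-term fixes from long-term work that needs an interim mitigation. The sample findings, weights and SLA windows are constructed assumptions to be replaced with the organization's own policy.

```python
"""Added example: turn a pen-test findings list into a prioritized action plan.

Illustrative code written for this page, not EC-Council material. The findings,
asset criticality weights and SLA windows are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Remediation windows per priority tier, in days (assumed policy values).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Multiplier for how reachable the affected asset is (assumed values).
EXPOSURE_WEIGHT = {"internet": 1.0, "partner": 0.8, "internal": 0.5}

# Date the report was delivered; SLA clocks start here (assumed).
ASSESSMENT_DATE = date(2024, 1, 15)


@dataclass
class Finding:
    title: str
    cvss: float        # base score 0.0-10.0 as given in the report
    exposure: str      # "internet", "partner" or "internal"
    criticality: int   # business criticality of the asset, 1 (low) to 5 (high)
    effort_days: int   # estimated remediation effort


def risk_score(f: Finding) -> float:
    """Contextual risk: CVSS scaled by asset criticality and exposure.

    Stays on a 0-10 scale so it reads like CVSS, but a 9.8 on an isolated
    build box now ranks below a 7.x on an internet-facing customer system.
    """
    return round(f.cvss * (f.criticality / 5) * EXPOSURE_WEIGHT[f.exposure], 2)


def priority_tier(score: float) -> str:
    """Map a contextual risk score to the SLA tier it falls in."""
    if score >= 8.0:
        return "critical"
    if score >= 6.0:
        return "high"
    if score >= 3.0:
        return "medium"
    return "low"


def horizon(f: Finding, tier: str) -> str:
    """Short-term: the fix fits inside the SLA window. Long-term: it does not,
    so it becomes a tracked project rather than an open-ended ticket."""
    return "long-term" if f.effort_days > SLA_DAYS[tier] else "short-term"


def build_action_plan(findings, start: date):
    """Return findings ordered highest risk first, each with tier, due date,
    horizon and whether an interim mitigation is required meanwhile."""
    plan = []
    for f in findings:
        score = risk_score(f)
        tier = priority_tier(score)
        span = horizon(f, tier)
        plan.append({
            "title": f.title,
            "score": score,
            "tier": tier,
            "due": start + timedelta(days=SLA_DAYS[tier]),
            "horizon": span,
            # A critical/high issue that cannot be fixed within its SLA must
            # not simply wait: something (WAF rule, network ACL, feature
            # disablement) has to reduce exposure until the real fix lands.
            "interim_mitigation": tier in ("critical", "high") and span == "long-term",
        })
    # Highest contextual risk first; ties broken alphabetically for stable output.
    plan.sort(key=lambda p: (-p["score"], p["title"]))
    return plan


# Constructed sample findings, not taken from any real report.
SAMPLE_FINDINGS = [
    Finding("SQL injection in customer portal login", 9.8, "internet", 5, 3),
    Finding("Outdated OpenSSL on isolated build server", 9.8, "internal", 2, 1),
    Finding("Missing rate limiting on partner API", 6.5, "partner", 4, 10),
    Finding("Legacy HR app on unsupported OS", 8.8, "partner", 5, 120),
    Finding("Verbose server banner", 3.1, "internet", 2, 1),
]

if __name__ == "__main__":
    for row in build_action_plan(SAMPLE_FINDINGS, ASSESSMENT_DATE):
        flag = " [interim mitigation]" if row["interim_mitigation"] else ""
        print(f'{row["tier"]:<8} {row["score"]:>5} due {row["due"]} '
              f'{row["horizon"]:<10} {row["title"]}{flag}')
```

Note how the two 9.8 findings end up at opposite ends of the plan: the raw report severity is the same, but only one is on a critical, internet-facing asset. That ordering, plus the explicit interim-mitigation flag on long-term items, is what lets the plan be both "on time" and "systematic" rather than a flat list sorted by CVSS.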


Create Process for Minimizing Misconfiguration Chances

Create a configuration management process.

Create or use configuration checklists available from the product vendors and security organizations such as NIST and NSA.
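A checklist only reduces misconfiguration if deployed configurations are actually compared against it, and that comparison has a common pitfall: a directive that is absent from the file is not "unconfigured", it takes whatever default the vendor shipped. The following is an added example written for this page (not EC-Council, NIST or NSA material) that audits a constructed sshd_config against a small checklist. The checklist entries and defaults are assumptions modelled on common OpenSSH hardening guidance; take the authoritative values from the vendor or NIST/NSA checklist the organization adopts.

```python
"""Added example: audit a service configuration against a hardening checklist.

Illustrative code written for this page, not EC-Council, NIST or NSA material.
The checklist entries and the vendor defaults below are assumptions.
"""

# directive -> (accepted values, default applied when the directive is absent).
# The default matters: a missing line is silently configured to the vendor value.
CHECKLIST = {
    "PermitRootLogin":        ({"no", "prohibit-password"}, "prohibit-password"),
    "PasswordAuthentication": ({"no"}, "yes"),
    "X11Forwarding":          ({"no"}, "no"),
    "MaxAuthTries":           ({"1", "2", "3", "4"}, "6"),
    "LogLevel":               ({"verbose", "info"}, "info"),
}


def parse_config(text):
    """Return the effective settings of an sshd_config-style file.

    Comments and blank lines are ignored, keywords are case-insensitive, and
    the FIRST occurrence of a keyword wins (sshd behaviour); a hardening line
    appended at the bottom does nothing if a weaker one appears above it.
    Values are lower-cased here for a lenient comparison.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        settings.setdefault(key, value)
    return settings


def audit(text, checklist=CHECKLIST):
    """Return (directive, effective_value, compliant, source) for each item,
    where source is 'explicit' or 'default' so reviewers can see which
    failures come from lines nobody wrote."""
    effective = parse_config(text)
    results = []
    for directive, (allowed, default) in checklist.items():
        key = directive.lower()
        if key in effective:
            value, source = effective[key], "explicit"
        else:
            value, source = default.lower(), "default"
        compliant = value in {a.lower() for a in allowed}
        results.append((directive, value, compliant, source))
    return results


def noncompliant(text, checklist=CHECKLIST):
    """Names of checklist items the configuration fails."""
    return [d for d, _, ok, _ in audit(text, checklist) if not ok]


# Constructed sample, not copied from a real host.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin yes
PermitRootLogin no          # ignored by sshd: the first value above wins
X11Forwarding no
LogLevel VERBOSE
"""

if __name__ == "__main__":
    for directive, value, ok, source in audit(SAMPLE_SSHD_CONFIG):
        status = "PASS" if ok else "FAIL"
        print(f"{status} {directive:<24} = {value:<18} ({source})")
```

Run against the sample, the audit fails three items: PermitRootLogin because the first, weaker line wins; PasswordAuthentication and MaxAuthTries because they are never set and the shipped defaults are not on the checklist. Only X11Forwarding and LogLevel pass. A configuration management process should store the checklist next to the baseline config and run this comparison on every change, not once after the pen test.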


Updates and Patches


Improve the level of control over purchased software by checking for updates and patches from the vendors.

Create a policy for applying patches in a timely manner.


Capture Lessons Learned and Best Practices

Create guidelines for best practices to be followed based on the recommendations of the pen-test report.

Regular auditing of the organization reduces exposure to vulnerabilities.


Create Security Policies


Create security policies, such as:

Systems Security Policy.


Information Classification Policy.
Password Policy.
Strong Authentication Policy.
Virus Detection and Management Policy.
Encryption Policy.
Security Change Management Policy.
Remote Network Access Policy.
Firewall Security Policy.

Conduct Training

Conduct training for analyzing the security posture of a network.

Technical security training programs for people managing information technology.

Training for application developers to develop secure code.

Security education and awareness programs need to be implemented, such as:

General security awareness for new employees in the organization.
Awareness program through e-learning.

Take Social Engineering Class

Social engineering is the human side of breaking into a corporate network.

Provide training on social engineering to each and every employee.


Destroy the Pen-Test Report


After the penetration test is complete and all identified vulnerabilities have been repaired, destroy the pen-test report (every copy, including the tester's), since it describes exactly how the organization could be compromised.


Summary
Decide on required and available resources to maintain a consistent
level of information security.

Create or use configuration checklists available from product vendors


and security organizations such as NIST and NSA.

Create policy for applying patches in a timely manner.

Provide training on social engineering to each and every employee.
