ISSC363 form week 1

Various parts of the assessment are the Hardware and software considerations, IDing the assets, data and infrastructure. And most importantly the risks and vulnerabilities.  Along with the impacts to the company.   There can of course be more or less depending on what exactly your superiors are looking for but in general it is important to have these parts in your reports. 

 

Does it include or exclude Penetration Testing? 

 

Yes the penetration test is taken into account.  It is a way of identifying holes in your system defenses.    Penetrating testing is one of the most important in my basic opinion.  For if it were me trying to get information from a person this is one of the first ways I would try.  See what you can get with as little effort as you can, 

 
Powered by