Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Infosec Strategies and Best Practices

You're reading from   Infosec Strategies and Best Practices Gain proficiency in information security using expert-level strategies and best practices

Arrow left icon
Product type Paperback
Published in May 2021
Publisher Packt
ISBN-13 9781800566354
Length 272 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Joseph MacMillan Joseph MacMillan
Author Profile Icon Joseph MacMillan
Joseph MacMillan
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Section 1: Information Security Risk Management and Governance
2. Chapter 1: InfoSec and Risk Management FREE CHAPTER 3. Chapter 2: Protecting the Security of Assets 4. Section 2: Closing the Gap: How to Protect the Organization
5. Chapter 3: Designing Secure Information Systems 6. Chapter 4: Designing and Protecting Network Security 7. Chapter 5: Controlling Access and Managing Identity 8. Section 3: Operationalizing Information Security
9. Chapter 6: Designing and Managing Security Testing Processes 10. Chapter 7: Owning Security Operations 11. Chapter 8: Improving the Security of Software 12. Other Books You May Enjoy

Interpreting results from security assessments

When we're looking at the results from security assessments, there are two types, similar to how we split the third-party assessments in the previous section. These two types are technical assessments and Risk Management and Governance assessments.

Both types of reports will generally try to quantify the level of risk posed by each of the vulnerabilities found by assigning a score (either 1-5, 1-10, or some other scale) to them. It's important that you consider the value of your assets from your risk assessment proceedings, as sometimes a vulnerability could be seen as highly exploitable, but perhaps isn't worth mitigating, because it wouldn't stand to protect anything of value. In other words, the level of risk that's presented is below the risk acceptance level.

Often, the technical reports will include a narrative of how the penetration test was undertaken on a step-by-step basis, with screenshots,...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at €18.99/month. Cancel anytime