From the course: CompTIA PenTest+ (PT0-002) Cert Prep
Technical and physical controls
- One of the classes of outcomes that you should expect from a well-executed penetration test is a list of recommendations, and it should be a list. It shouldn't just be one thing. There should be a list of recommendations spread across classes of control types. The first two types are technical and physical controls. Technical controls, remember, are the controls that are implemented via hardware, software, and configuration settings. And those should include, as appropriate, things such as process-level remediation, which means that you're going to recommend procedure changes to increase security. Patch management: make sure that you plan, test, execute, and manage recurring patch activity for hardware, software, and firmware, specifically, software and firmware. Key rotation: you want to document key rotation cycles and validate that the procedures are followed to make sure that your encryption keys are rotated and are not used for such a long period of time that they may become stale.…