Periodically, through cybersecurity test and evaluation, organizations should evaluate their security controls to determine if they are operating as intended.
This involves establishing security metrics and process management. When it comes to process management, there’s a saying: You can’t manage what you can’t measure. It’s no different with cybersecurity. By defining the specific objectives of your security program, you can develop specific measures and monitor these measures over time to gauge process performance.
Basically, security performance measures fall into three main categories:
- Operational statistics include the counts of activity within an environment. These don’t necessarily reflect action by the organization, but they do help to build a general awareness of security-related activity within an organization.
- Performance measures are derived or calculated metrics that quantify an organization’s behavior or performance against a stated objective. We think of these in terms of specific action taken by employees to help maintain an organization’s security posture.
- Compliance goals are a specific type of performance measure focused on demonstrating whether an organization is complying with organizational policy.
Proper security configuration is essential. In order to verify its effectiveness, organizations should conduct vulnerability assessments and penetration testing.
A vulnerability assessment identifies system security patches the organization may have missed and any weak security configurations the organization has applied. Normally, security firms use a variety of automated scanning tools to compare system configurations to published lists of known vulnerabilities.
Penetration testing takes vulnerability scanning a step further. It can be carried out by a skilled, ethical hacker who leverages identified vulnerabilities and simulates real-life attack scenarios to determine whether these vulnerabilities can be exploited and lead to an actual breach. An organization can use the results of vulnerability scanning and penetration testing to identify any security gaps and to consider the root cause that allowed these vulnerabilities to be introduced within the organization.
As a third line of defense, organizations should also consider launching an occasional internal audit, which can verify cybersecurity control performance to assist in enhancing the overall security posture of the organization.
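As an added illustration (not part of the original article or of Tonex course material), the Python example below computes one measure from each of the three categories listed earlier, using vulnerability scan findings as input. The finding records, the SLA thresholds and the remediation objective are constructed assumptions.

```python
from collections import Counter
from datetime import date
from statistics import mean

# Assumed policy values for illustration; the article does not define any.
SLA_DAYS = {"critical": 15, "high": 30, "medium": 90}
MTTR_OBJECTIVE_DAYS = 20

# Constructed scan findings: (host, severity, detected, fixed or None if open).
FINDINGS = [
    ("web01", "critical", date(2024, 3, 1), date(2024, 3, 8)),
    ("db01", "critical", date(2024, 3, 1), date(2024, 3, 25)),
    ("app02", "high", date(2024, 3, 5), date(2024, 3, 20)),
    ("app03", "high", date(2024, 3, 5), None),
    ("ws17", "medium", date(2024, 3, 10), date(2024, 4, 9)),
    ("ws22", "medium", date(2024, 4, 1), None),
]

def operational_statistics(findings):
    """Raw activity counts: findings per severity and how many remain open."""
    by_severity = Counter(sev for _, sev, _, _ in findings)
    still_open = sum(1 for *_, fixed in findings if fixed is None)
    return {"total": len(findings), "open": still_open,
            "by_severity": dict(by_severity)}

def performance_measure(findings, objective=MTTR_OBJECTIVE_DAYS):
    """Derived metric: mean days to remediate closed findings vs. an objective."""
    days = [(fixed - detected).days for _, _, detected, fixed in findings if fixed]
    mttr = mean(days) if days else None
    return {"mttr_days": mttr,
            "objective_met": mttr is not None and mttr <= objective}

def compliance_goal(findings, as_of, sla=SLA_DAYS):
    """Percentage of findings within the policy SLA. Open findings are aged to
    `as_of`, so unpatched systems count against the goal instead of vanishing."""
    if not findings:
        return None
    ok = 0
    for _, sev, detected, fixed in findings:
        age = ((fixed or as_of) - detected).days
        ok += age <= sla[sev]
    return round(100 * ok / len(findings), 1)

if __name__ == "__main__":
    print(operational_statistics(FINDINGS))
    print(performance_measure(FINDINGS))
    print(compliance_goal(FINDINGS, as_of=date(2024, 4, 30)), "% within SLA")
```

The mean time to remediate looks healthy because it only covers closed findings; the compliance figure is lower because it also ages the findings that are still open.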
Cybersecurity Test And Evaluation Training
Tonex offers Cybersecurity Test and Evaluation (T&E) Training, a two-day course where participants learn to implement iterative testing and evaluation processes in order to guarantee the ability of an information system in an operational environment full of vulnerabilities. Topics include:
- Test and evaluation
- Overview of developmental, operational and interoperability cyber testing
- Software and IT testing consideration
- Computer security and incident handling
- Wireless and server security
- Information security testing and assessment
- DoDI 5000.02
Who Should Attend
This course is designed for a wide range of security professionals and others in related fields, such as authorizing official representatives; chief information officers; senior information assurance officers; information system owners or certifying authorities; employees of federal agencies and the intelligence community; assessors, assessment team members, auditors, inspectors or program managers in the information technology area; any individual looking to implement information assurance for a company based on recent DoD and NIST policies; systems engineers; and Air Force and military personnel in charge of cybersecurity.
- Tonex and its instructors are recognized as leaders in the security industry.
- We’re different because we take into account your workforce’s special learning requirements. In other words, we personalize our training – Tonex has never been and will never be a “one size fits all” learning program.
- Ratings tabulated from student feedback post-course evaluations show an amazing 98 percent satisfaction score.
Contact us for more information, questions, comments.