From the course: CISSP Cert Prep (2021): 6 Security Assessment and Testing
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Correlating scan results
From the course: CISSP Cert Prep (2021): 6 Security Assessment and Testing
Correlating scan results
- [Instructor] In addition to validating your scan results to eliminate false positive reports and remove documented exceptions, you'll also want to correlate scan reports with other information available to you from other sources. The first source of information that you should consult are any industry standards, best practices, or compliance obligations that are relevant to your organization. These standards may provide specific guidance on the types of vulnerabilities that require more urgent remediation. For example, PCI DSS contains some very specific guidance on vulnerability scanning. Here's a quote from the standard. "To demonstrate compliance, a scan must not contain high-level vulnerabilities in any component in the cardholder data environment." Generally, to be considered compliant, none of those components may contain any vulnerability that has been assigned a common vulnerability scoring system, or CVSS, base…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.