From the course: CompTIA PenTest (PT0-002) Cert Prep
Administrative and operational controls
- Don't ever forget that there are multiple classes of controls and you want to make recommendations for controls at different levels and of different classes. So let's take a look at administrative and operational control recommendations that you may make in your penetration testing report. Administrative controls are the controls that are mainly focused on policies and procedures. They are things that are written down and authority has been granted by management to enforce these policies and procedures. So such administrative controls could be things such as implementing role-based access control. Now, even though implementing role-based access control would be a technical control, the actual policy to define it is an administrative control. So role-based access control defines the policies for determining roles and permissions required for each job role or job function. So it's up to the organization to define which job roles it wants to define and then associate permissions with…