Implement Vulnerability Scanning Methods

---

Goals

• Understand industry regulations.
• Explore vulnerability scanning concepts.
• Review security baselines.
• Understand special scanning considerations.
• Review operational technology.

Explain Compliance Requirements

• Industry Standard Publishers
  • Relationship Between Regulations and Standards
    • regulations describe legal requirements and ramifications
    • standards provide the details compliance
  • National Institute of Standards and Technology (NIST)
  • International Organization for Standardization (ISO)
• Regulations and Standards
  • Center for Internet Security (CIS) Benchmarks
  • Open Worldwide Application Security Project (OWASP)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Capability Maturity Model Integration (CMMI)
  • Cloud Security Alliance (CSA) STAR Certification
  • Children’s Online Privacy Protection Act (COPPA)
  • General Data Protection Regulation (GDPR)
• Open Worldwide Application Security Project (OWASP)
• Center for Internet Security (CIS) Benchmarks
• Payment Card Industry Data Security Standard (PCI DSS)

Understanding Vulnerability Scanning Methods

• Vulnerability Scanner
  • Scope
  • Types of Vulnerability Scans
    • Credentialed/noncredentialed scans
    • Agent/agentless scans
    • Active/passive scans
    • External/internal scans
• Vulnerability Analysis Methods
• Endpoint Hardening Techniques
  • Benchmarks and Secure Baselines
  • SCAP Compliance Checker (SCC)
• Center for Internet Security (CIS) Benchmarks
• DISA Security Technical Implementation Guides (STIGs)

Exploring Special Considerations in Vulnerability Scanning

• Special Considerations for Vulnerability Scanning
• Different Types of Industrial Computer Systems
  • Operational Technology (OT)
  • Industrial Control Systems (ICS)
  • Programmable Logic Controllers (PLC)
  • Supervisory Control and Data Acquisition (SCADA)