505 - Vulnerability Assessments (VA)
Course Description
This course provides an overview of the Vulnerability Assessment (VA) process within the GC. It describes one approach to VA and provides insight into the different types of VA. Upon completion, participants should be able to manage a VA process and use that knowledge to assess their department’s security posture.
Objectives
- Describe how VA fits into IT security risk management and the departmental security program
- Describe the VA methodology approach used by the GC
- Compare different types of VAs
- Interpret information from VA reporting to support departmental IT security risk management
Duration
2 days
Target Audience
Project/Program managers, IT Security designers, architects, engineers and managers, ITSCs.
Prerequisite(s)
Resources and Related Learning
- Harmonized Threat and Risk Assessment Methodology
- CSEC Baseline Security Requirements for Network Security Zones in the Government of Canada (ITSG-22)
- Policy of Government Security (PGS)
- Management of Information Technology Security (MITS)
NIST Publications
- Special Publications:
  - An Introduction to Computer Security: The NIST Handbook (Special Publication 800-12)
  - Risk Management Guide for Information Technology Systems (Special Publication 800-30)
  - Recommended Security Controls for Federal IT Systems (Special Publication 800-53) (Draft)
  - Guideline on Network Security Testing (Special Publication 800-42)
  - Technical Guide to Information Security Testing and Assessment (Special Publication 800-115)
  - Security Considerations in the System Development Life Cycle (Special Publication 800-64)
- National Vulnerability Database
- National Checklist Program Repository
Public Publications
Date(s)
Please see our IT Security Course Calendar.
Fee
$650