Centralia Security Lab has been hired by Haverbrook Investment Group to perform penetration testing on its systems. As a pen tester, you have been assigned to write the plan for what Centralia will do in the testing.
Your proposal should include the “rules of engagement” (agreement outlining the framework for the penetration testing) and outline how you would go through the five phases of hacking.
- How will you identify Haverbrook Investment Group’s network characteristics, expectations, constraints, critical systems, and other relevant information?
- What are your preliminary engagement activities with regard to scheduling, scope, and key stakeholders?
- What will you use to establish a binding agreement between Centralia Security Lab and Haverbrook Investment Group?
- How will you determine the services, targets, expectations, and other logistics that will be covered during the Rules of Engagement section?
- How will you explain to Haverbrook that the tools and techniques to be used in the penetration test will not corrupt data, violate privacy, and are in compliance with industry standards and any applicable laws and regulations?
Format below
Rules of Engagement
Overview
Include a brief description of the penetration test project.
Scope
Discuss the scope of the penetration test (pen test).
Checklist
Provide a list of the testing requirements.
Ethical Considerations
Describe how you will apply appropriate ethical principles throughout the penetration testing process
References