Rules of Engagement

   

Centralia Security Lab has been hired by Haverbrook Investment Group to perform penetration testing on its systems. As a pen tester, you have been assigned to write the plan for what Centralia will do in the testing.

Your proposal should include the “rules of engagement” (agreement outlining the framework for the penetration testing) and outline how you would go through the five phases of hacking.

  

  • How will      you identify Haverbrook Investment Group’s network characteristics,      expectations, constraints, critical systems, and other relevant      information?
  • What are      your preliminary engagement activities with regard to scheduling, scope,      and key stakeholders?
  • What will      you use to establish a binding agreement between Centralia Security Lab      and Haverbrook Investment Group?
  • How will      you determine the services, targets, expectations, and other logistics      that will be covered during the Rules of Engagement section?
  • How will      you explain to Haverbrook that the tools and techniques to be used in the      penetration test will not corrupt data, violate privacy, and are in      compliance with industry standards and any applicable laws and      regulations?

Format below

Rules of Engagement

Overview

Include a brief description of the penetration test project. 

Scope

Discuss the scope of the penetration test (pen test). 

Checklist

Provide a list of the testing requirements. 

Ethical Considerations 

Describe how you will apply appropriate ethical principles throughout the penetration testing process

References