Prior to performing any penetration testing, it is important to outline the Rules of Engagement (RoE) with the client. Begin this 14-video course with a general overview of the RoE, how it relates to business, and the potential consequences of not having the RoE in place. Look at the benefits of having an easy reference checklist prepared when defining RoE. Learn how to determine the appropriate scope of engagement; examine client (IT staff) considerations; and view common risks and limitations, such as impact on systems. Explore logistical considerations such as testing tools, personnel, and test schedules. Delve into incident handling best practices, testing best practices, and best practices in information handling. Examine elements that should be included in final reports, such as actions taken, problems, and findings. Look at liabilities, warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities. Finally, learn how to ensure proper authorization has been granted to commence any testing.
provide a general overview of the Rules of Engagement, how the RoE relates to business, and the potential consequences of not having the RoE in place
provide an overview of the benefits of having an easy reference checklist or templates prepared when defining RoE
recognize how to determine the appropriate scope of engagement
describe client (IT staff) considerations such as client contact details and potential impacts on their working environment
describe common risks and limitations you should outline such as impact on systems, and ensuring backups are available and the disaster recovery plan is intact
list key logistical considerations such as testing tools, personnel, and test schedules
describe incident handling best practices such as law enforcement contact, sensitive data/privacy, and encryption
describe best practices you should outline in the event that testing is successful or unsuccessful
outline best practices to follow or consider when in possession of a company's data, such as encryption and data destruction
describe elements that should be included in a final report such as actions taken, problems, and findings
describe warranty, limitation of liability, and indemnification considerations to include when outlining the intent of testing activities, as well as any liability concerns
describe how to ensure proper authority has been granted to commence any testing, such as obtaining signatures from key stakeholders