2024-08-24 17:34:25 +00:00
## Target Audience
- Identify targets of the engagement
- Identify scope and size of the engagement
## Objective
Assess the reasons for the assessment: security, risk assessments, customer personal data protection, etc.
## Compliance
Establish guidelines (or necessity) for compliance with internal and external regulations.

Example: PCI DSS
## Resources
1. Define budgeting requirements for the campaign.
2. Identify the target's accessibility:
   - Physical access
   - Remote access
   - Tooling required
## Communication Plan
1. Acquire Trusted Agent(s) within the company for trusted communication.
2. Establish communication guidelines and information access control rules during the engagement (who knows what).
## Product/Report
Establish reporting guidelines

[[REPORT TEMPLATE]]
## Technical Constraints
Identify and establish all technical restrictions for the engagement: which parts of the infrastructure are tested and which are out of scope.
## Comprehensiveness
Identify specifics of the engagement: which parts of the infrastructure are tested, what types of vulnerabilities, etc.