handbook/01 - Planning.md


## Target Audience

- Identify targets of the engagement 
- Identify scope and size of the engagement
- Surface area of engagement

## Objective

Asses reasons for the assessment. Security, risk assessments, customer personal data protection, etc.

Identify Protected Assets 

[[ASSET INVENTORY]]
[[RISK REGISTER]]

## Compliance

Establish guidelines (or necessity) for compliance with internal and external regulations or standards.
Example: PCI DSS, GDPR, HIPPA, etc
- Strictly defined surface area of engagement

[[Statement of Work]]
[[Non-Disclosure Agreement]]
[[Request for Information (RFI)]]

## Resources

1. Define budgeting requirements for the campaign.
2. Identify target's accessibility:
	- Physical access
	- Remote access
	- Tooling required
	
## Communication Plan

1. Aquire Trusted Agent(s) within the company for trusted communication
2. Establish communication guidelines and information access control rules during engagement (who knows what)
3. Establish escalation procedures


## Product/Report

Establish reporting guidelines

[[PENTEST REPORT TEMPLATE]]

## Technical Constraints

Identify and establish all technical restrictions during the engagement. What parts of the infrastructure is tested and what is out of scope.

## Comprehensiveness

Identify specifics on the engagement, what parts of the infrastructure is tested, what type of vulnerabilities, etc.
vault backup: 2024-08-24 19:34:25 2024-08-24 17:34:25 +00:00
			`## Target Audience`

			`- Identify targets of the engagement`
			`- Identify scope and size of the engagement`
vault backup: 2024-08-25 21:02:08 2024-08-25 19:02:08 +00:00			`- Surface area of engagement`
vault backup: 2024-08-24 19:34:25 2024-08-24 17:34:25 +00:00
			`## Objective`

			`Asses reasons for the assessment. Security, risk assessments, customer personal data protection, etc.`

vault backup: 2024-08-25 21:02:08 2024-08-25 19:02:08 +00:00			`Identify Protected Assets`

			`[[ASSET INVENTORY]]`
			`[[RISK REGISTER]]`
vault backup: 2024-08-24 19:34:25 2024-08-24 17:34:25 +00:00
			`## Compliance`

vault backup: 2024-08-30 14:45:21 2024-08-30 12:45:22 +00:00			`Establish guidelines (or necessity) for compliance with internal and external regulations or standards.`
			`Example: PCI DSS, GDPR, HIPPA, etc`
vault backup: 2024-08-25 21:02:08 2024-08-25 19:02:08 +00:00			`- Strictly defined surface area of engagement`

			`[[Statement of Work]]`
			`[[Non-Disclosure Agreement]]`
			`[[Request for Information (RFI)]]`

vault backup: 2024-08-24 19:34:25 2024-08-24 17:34:25 +00:00			`## Resources`

			`1. Define budgeting requirements for the campaign.`
			`2. Identify target's accessibility:`
			`- Physical access`
			`- Remote access`
			`- Tooling required`

			`## Communication Plan`

			`1. Aquire Trusted Agent(s) within the company for trusted communication`
			`2. Establish communication guidelines and information access control rules during engagement (who knows what)`
vault backup: 2024-08-30 14:45:21 2024-08-30 12:45:22 +00:00			`3. Establish escalation procedures`
vault backup: 2024-08-24 19:34:25 2024-08-24 17:34:25 +00:00

			`## Product/Report`

			`Establish reporting guidelines`
vault backup: 2024-08-25 21:02:08 2024-08-25 19:02:08 +00:00
			`[[PENTEST REPORT TEMPLATE]]`
vault backup: 2024-08-24 19:34:25 2024-08-24 17:34:25 +00:00
			`## Technical Constraints`

			`Identify and establish all technical restrictions during the engagement. What parts of the infrastructure is tested and what is out of scope.`

			`## Comprehensiveness`

vault backup: 2024-08-24 21:44:58 2024-08-24 19:44:58 +00:00			`Identify specifics on the engagement, what parts of the infrastructure is tested, what type of vulnerabilities, etc.`