handbook/01 - Planning Considerations.md
2024-08-24 21:44:58 +02:00

Target Audience

  • Identify targets of the engagement
  • Identify scope and size of the engagement

Objective

Assess the reasons for the assessment: security, risk assessments, customer personal data protection, etc.

Compliance

Establish guidelines (or necessity) for compliance with internal and external regulations. Example: PCI DSS

Resources

  1. Define budgeting requirements for the campaign.
  2. Identify target's accessibility:
    • Physical access
    • Remote access
    • Tooling required

Communication Plan

  1. Acquire Trusted Agent(s) within the company for trusted communication
  2. Establish communication guidelines and information access control rules during engagement (who knows what)

Product/Report

Establish reporting guidelines: REPORT TEMPLATE

Technical Constraints

Identify and establish all technical restrictions during the engagement: which parts of the infrastructure are tested and which are out of scope.

Comprehensiveness

Identify the specifics of the engagement: which parts of the infrastructure are tested, which types of vulnerabilities, etc.