1.4 KiB
1.4 KiB
Target Audience
- Identify targets of the engagement
- Identify scope and size of the engagement
- Surface area of engagement
Objective
Asses reasons for the assessment. Security, risk assessments, customer personal data protection, etc.
Identify Protected Assets
Compliance
Establish guidelines (or necessity) for compliance with internal and external regulations or standards. Example: PCI DSS, GDPR, HIPPA, etc
- Strictly defined surface area of engagement
Statement of Work Non-Disclosure Agreement Request for Information (RFI)
Resources
- Define budgeting requirements for the campaign.
- Identify target's accessibility:
- Physical access
- Remote access
- Tooling required
Communication Plan
- Aquire Trusted Agent(s) within the company for trusted communication
- Establish communication guidelines and information access control rules during engagement (who knows what)
- Establish escalation procedures
Product/Report
Establish reporting guidelines
Technical Constraints
Identify and establish all technical restrictions during the engagement. What parts of the infrastructure is tested and what is out of scope.
Comprehensiveness
Identify specifics on the engagement, what parts of the infrastructure is tested, what type of vulnerabilities, etc.