The first deliverable of the Penetration Test Proposal is the rules of engagement (ROE) document, a formal document that outlines the objectives, scope, methodology, and overall test plan agreed upon by the penetration testers and client system administrators. Penetration testing can cause complications such as network traffic congestion and system downtime, and may cause the same vulnerabilities and compromises it was designed to prevent. Due to the potential consequences of penetration testing, it is vital to agree upon a comprehensive ROE before testing.
For your ROE deliverable, consider the following:
How will you identify Haverbrook Investment Group’s network characteristics, expectations, constraints, critical systems, and other relevant information?
What are your preliminary engagement activities with regard to scheduling, scope, and key stakeholders?
What will you use to establish a binding agreement between Centralia Security Lab and Haverbrook Investment Group?
How will you determine the services, targets, expectations, and other logistics that will be covered during the Rules of Engagement section?
How will you explain to Haverbrook that the tools and techniques to be used in the penetration test will not corrupt data or violate privacy, and are in compliance with industry standards and any applicable laws and regulations?