Finance > Research Paper > Research Paper > Penetration Test Proposal Deliverable 1: Rules of Engagement (All)
Research Paper > Penetration Test Proposal Deliverable 1: Rules of Engagement
Document Content and Description Below
Penetration Test Proposal Deliverable 1: Rules of Engagement Haverbrook Investment Group, L.L.L.P. (HIG) is a company specializing in financial services and global revenue of $9.7 billion. The ... company which originally started in Largo, Maryland now has 350 location across the United States of America and 8,738 employees and 8.5 million customers. HIG’s motto and one of their core values is “the customer always comes first”. This customer first approach has led to rapid success and growth of their organization and information technology (IT) systems. To ensure the highest level of security over company resources and customer data the HIG executive management team, led by the Chief Executive Operator (CEO) Beth Haverbrook, has hired Centralia Security Lab (CSL) to perform penetration testing on HIG computer systems and determine the effectiveness of HIG systems security. CSL’s penetration testing include activities to identify and exploit security vulnerabilities. The company’s penetration testing approach incorporates the following three phases of penetration testing: pre-attack attack, and post-attack. The goal of the pre-attack phase is to plan, and collect as much data as possible about the target through active and passive reconnaissance. The attack phase utilizes the information gathered during the pre-attack phase to compromise and exploit vulnerabilities. The post-attack phase includes reporting, cleaning and destruction of artifacts and this is a critical phase when performing penetration tests. The purpose of this Rules of Engagement (ROE) is to lay the guidelines for both CSL penetration testers and HIG stakeholders, understand customer requirements, set project expectations, and come to agreements through legally binding documents. CSL and HIG has held interviews to collect customer information, and meetings to develop the ROE for the penetration testing and have come to an agreement on the scope, information handling, and requirements for this project. A penetration testing contract, which clearly states the rights and responsibilities of HIG and SQL has been signed and completed by both CSL and HIG. The testing contract defines the Non-disclosure clause, Objective of the penetration test, Fees and project schedule, Sensitive information, Confidential information, Indemnification clause, and Reporting and responsibilities. A Confidentiality Agreement (CA) has been signed and completed to protect against negligence and liability. A Non-Disclosure Agreement (NDA) documents has also been signed and completed to protect trade secrets, patents, or other proprietary information. [Show More]
Last updated: 2 years ago
Preview 1 out of 3 pages
Buy this document to get the full access instantly
Instant Download Access after purchase
Buy NowInstant download
We Accept:
Reviews( 0 )
$9.00
Can't find what you want? Try our AI powered Search
Document information
Connected school, study & course
About the document
Uploaded On
Nov 02, 2020
Number of pages
3
Written in
Additional information
This document has been written for:
Uploaded
Nov 02, 2020
Downloads
0
Views
113
.png)
