Preparation
Summary
Purpose
Guiding Questions
Operational Security
Outputs
Activities
Footnotes
- 1 "Some activities common in penetration tests may violate local laws. For this reason, it is advised to check the legality of common pentest tasks in the location where the work is to be performed."
- 2 "Traveling teams should maintain a flyaway kit that includes systems, images, additional tools, cables, projectors, and other equipment that a team may need when performing testing at other locations."
- 3 APPENDIX A - Auditor travel kit checklist
- 4 See the auditor trainee resource list
References and resources for Preparation
- Tip Sheet: Facilitator Preparation Tips (Integrated Security)
- Resource List: Password Dictionary Creation Resources (SAFETAG)
- Resource List: Social Engineering Resources (SAFETAG)
- Guidelines: "Facilitator Guidelines" (Aspiration Tech)
- Guide: "Session_Design" (Aspiration Tech)
- Kit: "Resource Kit" (eQualit.ie)
- Questions: "Pre-Event_Questions" (Aspiration Tech)
- Guide: "Break Outs" (Aspiration Tech)
- Resources: "Be a Better Trainer" (Level-up)
- Standard: "Pre-Engagement" (The Penetration Testing Execution Standard: Pre-Engagement Guidelines)
- Template: Pre-Inspection Visit (VulnerabilityAssessment.co.uk)
- Template: "Rules of Engagement Template" (NIST SP 800-115)
- Article: "The Difference Between a Vulnerability Assessment and a Penetration Test" (Daniel Miessler)
- Article: "Vulnerability Assessment and Penetration Testing" (gosafe)
- Guide: "Six Stages of Incident Response" (CSO Online: Anthony Caruana)
- Guide: "Threat Hunting Project" (http://www.threathunting.net)
- Resource: "Media Legal Defense Initiative" (Media Legal Defense Initiative)
- Guide: "Security Incident Information Management Handbook" (RedR UK)
Preparation:
Facilitation Preparation:
Creating Agreements and Rules of Engagement:
Other Pre-Engagement Resources:
Incident Handling Resources:
Legal Considerations:
Data Security Standards:
Sensitive Data & Information Guides: