Guiding Questions

Outputs

References and resources for Preparation

Preparation:

• Tip Sheet: Facilitator Preparation Tips ( Integrated Security )

• Resource List: Password Dictionary Creation Resources (SAFETAG)

• Resource List: Social Engineering Resources (SAFETAG)

Facilitation Preparation:

• Tip Sheet: Facilitator Preparation Tips ( Integrated Security )

• Guidelines: "Facilitator Guidelines" (Aspiration Tech)

• Guide: "Session_Design" (Aspiration Tech)

• Kit: "Resource Kit" (eQualit.ie)

• Questions: "Pre-Event_Questions" (Aspiration Tech)

• Guide: "Break Outs" (Aspiration Tech)

• Resources: "Be a Better Trainer" (Level-up)

Creating Agreements and Rules of Engagement:

• Standard: "Pre-Engagement" (The Penetration Testing Execution Standard: Pre-Engagement Guidelines)

• Template: Pre-Inspection Visit ( VulnerabilityAssessment.co.uk)

• Template: "Rules of Engagement Template" (NIST SP 800-115)

• Article: "The Difference Between a Vulnerability Assessment and a Penetration Test" (Daniel Miessler)

• Article: "Vulnerability Assessment and Penetration Testing" (gosafe)

• Article: "Legal Issues in Penetration Testing"

Other Pre-Engagement Resources:

• Standard: "Pre-Engagement" (The Penetration Testing Execution Standard: Pre-Engagement Guidelines)

• Template: Pre-Inspection Visit ( VulnerabilityAssessment.co.uk)

Incident Handling Resources:

• Guide: "Six Stages of Incident Response" (CSO Online: Anthony Caruana)

• Guide: "Threat Hunting Project" (http://www.threathunting.net)

Legal Considerations:

• Resource: "Media Legal Defense Initiative" (Media Legal Defense Initiative)

Data Security Standards:

Sensitive Data & Information Guides:

• Guide: "Security Incident Information Management Handbook" (RedR UK)

Incident Handling Resources:

• Guide: "Six Stages of Incident Response" (CSO Online: Anthony Caruana)

• Guide: "Threat Hunting Project" (http://www.threathunting.net)