Wk4_411
Need help with a question.
2 years ago 30
Wk4_411.docx
week4teampaper.docx
Wk4_411.docx
Due 10/7/2024
Based on your research, readings, and this week’s Learning Team assignment, create a 4- to 5-page sample penetration agreement for a banking institution using the major sections listed below and the purpose of each section. Include examples within each section. The major sections should include:
· Scope for testing
· Mapped to bank’s business objectives
· Compliance/regulatory requirements
· Internal or external testing or both
· Technical testing
· Physical security testing
· Threat identification (who and what are the threats)
· Legal issues that must be considered
· Components to be tested (include examples of findings/vulnerabilities that may be found with each)
· Gathering publicly available information
· Network scanning
· System/application scanning
· Privilege escalation
week4teampaper.docx
|
Section |
Description |
Commonalities |
Differences |
||||||
|
Testing Scope |
Details the systems, networks, and applications included or excluded from the test. |
|
|
||||||
|
Testing Method |
|
|
|
||||||
|
Authorization and Legal Consent |
Grants legal permission for the pen test to access and test the system. |
Every agreement includes a clause that authorizes testers to perform the test. |
Some agreements specify geographic or jurisdictional consent requirements. |
||||||
|
Confidentiality |
Ensures all sensitive data accessed during the test is kept confidential. |
Every agreement includes a clause that authorizes the tester to perform the pen test. |
Some agreement outlines specific non-disclosure timelines, others indefinite confidentiality obligations. |
||||||
|
Reporting |
Specifies the format, timing, and details of the final report that is delivered to the client. |
All agreements mention that a report will be provided at the end of the test with its findings. |
Level of details and formatting of reporting vary between agreement. |
||||||
|
Risk and Liability |
Defines liability limits in case of damages caused by pen test and how risks will be managed |
Liability wavers or risk management clauses are present in every agreement. |
Liability caps and specifies insurance coverage. Some agreements hold the testers fully liable. |
Wk4_411.docx
Due 10/7/2024
Based on your research, readings, and this week’s Learning Team assignment, create a 4- to 5-page sample penetration agreement for a banking institution using the major sections listed below and the purpose of each section. Include examples within each section. The major sections should include:
· Scope for testing
· Mapped to bank’s business objectives
· Compliance/regulatory requirements
· Internal or external testing or both
· Technical testing
· Physical security testing
· Threat identification (who and what are the threats)
· Legal issues that must be considered
· Components to be tested (include examples of findings/vulnerabilities that may be found with each)
· Gathering publicly available information
· Network scanning
· System/application scanning
· Privilege escalation
week4teampaper.docx
|
Section |
Description |
Commonalities |
Differences |
||||||
|
Testing Scope |
Details the systems, networks, and applications included or excluded from the test. |
|
|
||||||
|
Testing Method |
|
|
|
||||||
|
Authorization and Legal Consent |
Grants legal permission for the pen test to access and test the system. |
Every agreement includes a clause that authorizes testers to perform the test. |
Some agreements specify geographic or jurisdictional consent requirements. |
||||||
|
Confidentiality |
Ensures all sensitive data accessed during the test is kept confidential. |
Every agreement includes a clause that authorizes the tester to perform the pen test. |
Some agreement outlines specific non-disclosure timelines, others indefinite confidentiality obligations. |
||||||
|
Reporting |
Specifies the format, timing, and details of the final report that is delivered to the client. |
All agreements mention that a report will be provided at the end of the test with its findings. |
Level of details and formatting of reporting vary between agreement. |
||||||
|
Risk and Liability |
Defines liability limits in case of damages caused by pen test and how risks will be managed |
Liability wavers or risk management clauses are present in every agreement. |
Liability caps and specifies insurance coverage. Some agreements hold the testers fully liable. |