Write a 2- to 3-page outline of the penetration test plan using the following Penetration Testing Execution Standard steps/categories for your outline: Pre-engagement Interactions Intelligence Gathering Threat Modeling Vulnerability Analysis Exploitation Post Exploitation Reporting Explain what each step includes. Include issues and questions you should anticipate from a potential client

Write a 2- to 3-page outline of the penetration test plan using the following Penetration Testing Execution Standard steps/categories for your outline: Pre-engagement Interactions Intelligence Gathering Threat Modeling Vulnerability Analysis Exploitation Post Exploitation Reporting Explain what each step includes. Include issues and questions you should anticipate from a potential client

Information Technology Project Management

9th Edition

ISBN:9781337101356

Author:Kathy Schwalbe

Publisher:Kathy Schwalbe

Chapter11: Project Risk Management

Section: Chapter Questions

Problem 2RC

See similar textbooks

Similar questions

Objectives Develop questions to gain further insight and help get the client and tester on the same page Create a sample scope for an security assessment Create and revise Rules of Engagement for the test Overview You were given a Request For Proposal (RFP) but it seems to be lacking enough details to determine what the client is requesting for a test. We will need to come up with some information and questions to discuss with the client to determine what exactly they are wanting. This will allow both the client and the tester to be on the same page prior to beginning any assessment. We will be building a Scope and Rules of Engagement (ROE) to determine what is in scope and the document that outlines specifics of the project and how it will occur. Below are some of the key points pulled from the RFP that was lacking a lot of details: The test is for CIT-E Corp with 2,000 employees located throughout the United States They want a penetration test from either an outside company or…
Which of the following steps in the SQUARE process does the following explanation belong to: This step becomes important when there are diverse stakeholders. Group of answer choices Elicit security requirements. Perform risk assessment. Select elicitation technique. Develop artifacts.
Theoretical Background: Scenario: As a member of the project team, you have to write an organized and well-structured technical report as per the task below. This top-level information security policy which is a key component of the organizations overall information security management framework and should be considered alongside more detailed information security documentation including, system level security policies, security guidance and protocols or procedures. Task: Enter a short scoping overview of the organization, including those providing or receiving services under contracts that are to be subject to this information security policy. Note: The statement should take account of the Information Governance aims and expectations set out within the Information Security Management: Code of Practice for organizations. Write an Information Security policy for the organization. Note: The aim of this policy is to establish and maintain the security and confidentiality of…
Lab Exercise 7: You are working for Safa Tech LLC a multi-national software development company as an Information Security Specialist your task is to provide the requirements to implement Physical Security controls and procedures for various security management areas in the organization. Utilize the below elements to implement security in this organization, you can add/drop elements as required, also extra elements can be added. Add diagrams and pictures highlighting physical security requirements. Elements and design Physical barriers. Natural surveillance. Security lighting. Alarm systems and sensors. Video surveillance. Mechanical access control systems. Electronic access control systems. Identification systems and access policies. Identify Frameworks for Physical Security
At least two examples/scenarios are required to back up your response and highlight the most important SDLC stage.
Please to create a chart base on the information below cross functional interactions chart for a recovery policy request Please show the satrt and end on the chart it a recovery Policy request The Policy Change Request process diagram should start with the client submitting a request for a change in coverage to the customer service department. The customer service representative will verify the client's information and send the request to the accounts department for approval. Once approved, the IT department will update the client's deduction amount in the system and notify the Marketing department to update the client's policy premium. The Finance department will also notify the client's employer of the updated deduction amount.
- There are many types of cybersecurity liability policies covering a host of eventualities. What insurance you should buy depends on your business model and your company board's risk appetite. For this discussion, pick one of the five cybersecurity laws, regulations, or policies you wrote about in the Module 5 assignment, and discuss what types of insurance you would recommend in case your company fails at compliance for that requirement. Discuss the risk-reward trade offs, and explain why you think your insurance recommendation is worth the cost.
You are working for Safa Tech LLC a multi-national software development company as an Information Security Specialist your task is to provide the requirements to implement Physical Security controls and procedures for various security management areas in the organization. Utilize the below elements to implement security in this organization, you can add/drop elements as required, also extra elements can be added. Add diagrams and pictures highlighting physical security requirements. Elements and design Physical barriers. Natural surveillance. Security lighting. Alarm systems and sensors. Video surveillance. Mechanical access control systems. Electronic access control systems. Identification systems and access policies. Identify Frameworks for Physical Security
What factors should influence the time frame and scope of a penetration test? Give examples to support your ranking.
After reading the case presented in the module, write a short response to the following discussion questions and ethical decision making scenario. Discussion Questions Before the discussion at the start of this chapter, how do Fred, Gladys, and Charlie each perceive the scope and scale of the new information security effort? Did Fred’s perception change after that? How should Fred measure success when he evaluates Gladys’ performance for this project? How should he evaluate Charlie’s performance? Which of the threats discussed in this chapter should receive Charlie’s attention early in his planning process?
Create a fake business. Pick and provide detailed requirements based on the business type and area. Setup an AWS Instance for a fake business with compliance (document), server, Identity/Access Management, S3, monitoring, and services that match your business requirements (need to define). Take at least one screenshots per service. ****************STEPS NEEDED TO COMPLETE THIS*************
Create a timeline that will detail how the week of pen testing will be conducted, the frequency of reporting, and the form of documentation of results that will be submitted. This should include a 1-page explanation of daily, weekly, and monthly security steps that the company should implement along with an explanation of how they will be implemented and what they will achieve