Wk4_411

Bandos051814

Main

Home >Homework Answsers >Computer Science homework help

good work quality work

Need help with a question.

7 months ago
07.10.2024
30

Report issue

files (2)

Wk4_411.docx
week4teampaper.docx

Wk4_411.docx

Due 10/7/2024

Based on your research, readings, and this week’s Learning Team assignment, create a 4- to 5-page sample penetration agreement for a banking institution using the major sections listed below and the purpose of each section. Include examples within each section. The major sections should include:

· Scope for testing

· Mapped to bank’s business objectives

· Compliance/regulatory requirements

· Internal or external testing or both

· Technical testing

· Physical security testing

· Threat identification (who and what are the threats)

· Legal issues that must be considered

· Components to be tested (include examples of findings/vulnerabilities that may be found with each)

· Gathering publicly available information

· Network scanning

· System/application scanning

· Privilege escalation

week4teampaper.docx

Section

Description

Commonalities

Differences

Testing Scope

Details the systems, networks, and applications included or excluded from the test.

All agreements outline the systems to be tested and what will be excluded.

The specificity of the scope and any limitations on testing (e.g., no destructive testing) may vary.

Testing Method

Describes the techniques and tools that will be used during the test.

General testing approaches like manual or automated testing are commonly mentioned.

Some agreements specify exact tools or exclude certain methods social engineering, DoS attacks).

Authorization and Legal Consent

Grants legal permission for the pen test to access and test the system.

Every agreement includes a clause that authorizes testers to perform the test.

Some agreements specify geographic or jurisdictional consent requirements.

Confidentiality

Ensures all sensitive data accessed during the test is kept confidential.

Every agreement includes a clause that authorizes the tester to perform the pen test.

Some agreement outlines specific non-disclosure timelines, others indefinite confidentiality obligations.

Reporting

Specifies the format, timing, and details of the final report that is delivered to the client.

All agreements mention that a report will be provided at the end of the test with its findings.

Level of details and formatting of reporting vary between agreement.

Risk and Liability

Defines liability limits in case of damages caused by pen test and how risks will be managed

Liability wavers or risk management clauses are present in every agreement.

Liability caps and specifies insurance coverage. Some agreements hold the testers fully liable.

week4teampaper.docx

Section

Description

Commonalities

Differences

Testing Scope

Details the systems, networks, and applications included or excluded from the test.

All agreements outline the systems to be tested and what will be excluded.

The specificity of the scope and any limitations on testing (e.g., no destructive testing) may vary.

Testing Method

Describes the techniques and tools that will be used during the test.

General testing approaches like manual or automated testing are commonly mentioned.

Some agreements specify exact tools or exclude certain methods social engineering, DoS attacks).

Authorization and Legal Consent

Grants legal permission for the pen test to access and test the system.

Every agreement includes a clause that authorizes testers to perform the test.

Some agreements specify geographic or jurisdictional consent requirements.

Confidentiality

Ensures all sensitive data accessed during the test is kept confidential.

Every agreement includes a clause that authorizes the tester to perform the pen test.

Some agreement outlines specific non-disclosure timelines, others indefinite confidentiality obligations.

Reporting

Specifies the format, timing, and details of the final report that is delivered to the client.

All agreements mention that a report will be provided at the end of the test with its findings.

Level of details and formatting of reporting vary between agreement.

Risk and Liability

Defines liability limits in case of damages caused by pen test and how risks will be managed

Liability wavers or risk management clauses are present in every agreement.

Liability caps and specifies insurance coverage. Some agreements hold the testers fully liable.

Wk4_411.docx

Due 10/7/2024

· Scope for testing

· Mapped to bank’s business objectives

· Compliance/regulatory requirements

· Internal or external testing or both

· Technical testing

· Physical security testing

· Threat identification (who and what are the threats)

· Legal issues that must be considered

· Components to be tested (include examples of findings/vulnerabilities that may be found with each)

· Gathering publicly available information

· Network scanning

· System/application scanning

· Privilege escalation

week4teampaper.docx

Section

Description

Commonalities

Differences

Testing Scope

Details the systems, networks, and applications included or excluded from the test.

All agreements outline the systems to be tested and what will be excluded.

The specificity of the scope and any limitations on testing (e.g., no destructive testing) may vary.

Testing Method

Describes the techniques and tools that will be used during the test.

General testing approaches like manual or automated testing are commonly mentioned.

Some agreements specify exact tools or exclude certain methods social engineering, DoS attacks).

Authorization and Legal Consent

Grants legal permission for the pen test to access and test the system.

Every agreement includes a clause that authorizes testers to perform the test.

Some agreements specify geographic or jurisdictional consent requirements.

Confidentiality

Ensures all sensitive data accessed during the test is kept confidential.

Every agreement includes a clause that authorizes the tester to perform the pen test.

Some agreement outlines specific non-disclosure timelines, others indefinite confidentiality obligations.

Reporting

Specifies the format, timing, and details of the final report that is delivered to the client.

All agreements mention that a report will be provided at the end of the test with its findings.

Level of details and formatting of reporting vary between agreement.

Risk and Liability

Defines liability limits in case of damages caused by pen test and how risks will be managed

Liability wavers or risk management clauses are present in every agreement.

Liability caps and specifies insurance coverage. Some agreements hold the testers fully liable.

Wk4_411.docx

Due 10/7/2024

· Scope for testing

· Mapped to bank’s business objectives

· Compliance/regulatory requirements

· Internal or external testing or both

· Technical testing

· Physical security testing

· Threat identification (who and what are the threats)

· Legal issues that must be considered

· Components to be tested (include examples of findings/vulnerabilities that may be found with each)

· Gathering publicly available information

· Network scanning

· System/application scanning

· Privilege escalation

week4teampaper.docx

Section

Description

Commonalities

Differences

Testing Scope

Details the systems, networks, and applications included or excluded from the test.

All agreements outline the systems to be tested and what will be excluded.

The specificity of the scope and any limitations on testing (e.g., no destructive testing) may vary.

Testing Method

Describes the techniques and tools that will be used during the test.

General testing approaches like manual or automated testing are commonly mentioned.

Some agreements specify exact tools or exclude certain methods social engineering, DoS attacks).

Authorization and Legal Consent

Grants legal permission for the pen test to access and test the system.

Every agreement includes a clause that authorizes testers to perform the test.

Some agreements specify geographic or jurisdictional consent requirements.

Confidentiality

Ensures all sensitive data accessed during the test is kept confidential.

Every agreement includes a clause that authorizes the tester to perform the pen test.

Some agreement outlines specific non-disclosure timelines, others indefinite confidentiality obligations.

Reporting

Specifies the format, timing, and details of the final report that is delivered to the client.

All agreements mention that a report will be provided at the end of the test with its findings.

Level of details and formatting of reporting vary between agreement.

Risk and Liability

Defines liability limits in case of damages caused by pen test and how risks will be managed

Liability wavers or risk management clauses are present in every agreement.

Liability caps and specifies insurance coverage. Some agreements hold the testers fully liable.

other Questions(10)