Posted: September 15th, 2022

Identifying Haverbrook Investment Group’s information

Essay

Identifying Haverbrook Investment Group’s information
This will be achieved through reconnaissance gathering. As such, Centralia Security Lab will collect as much information regarding Haverbrook Investment Group’s network characteristics, expectations, constraints, critical systems using techniques like Dumpster diving, tailgating, tax records, internet footprinting, social engineering etc.
Preliminary engagement activities with regard to scheduling, scope, and key stakeholders
The scope encompasses the whole CDE boundaries and any vital systems; this is applicable to the external boundary (public-facing attack surfaces) and the internal boundary (LAN-LAN attack surfaces) (Halton et al., 2017). As such, the testing scope will encompass cardholder data locations, applications responsible for storing, processing, or conveying cardholder data, critical network links, access points, and other targets suitable for the intricacy and size of the company. Key stakeholders include the penetration testing program manager, penetration testing team lead and senior penetration tester, information system security officers, and customers. The following information will be provided within 5 business days before testing is initiated:
• testing performance period-this will be done between 8.00am-6.00pm, Monday till Friday
• Target environment resources to be tested (Hostname, IP addresses, URL)
• Any restricted systems, hosts, or subnets that are untested
Establishing a binding agreement
To establish a binding agreement, it is important to draft a pentest contract, and ensure that it has the following clauses:
• parties to the agreement
• scope of work
• timeframe
• terms of payment
• confidentiality
• termination
Determining the services, targets, expectations, and other logistics
Determining the services, targets, expectations, and other logistics will be achieved through pre-engagement interactions. This is where Centralia Security Lab will highlight the test logistics, expectations, implications of law, targets, goals and objectives that Haverbrook Investment Group would want to attain. Also, this is where Centralia Security Lab works with Haverbrook Investment Group to fully comprehend any risks the organizational culture and the best pentesting approach.
Explaining to Haverbrook that the tools and techniques to be used in the penetration test will not corrupt data, violate privacy
Haverbrook will be reassured that proper data handling will be employed throughout the process. As such, all confidential data, at rest or in transit will be encrypted. All deliverables will also be safeguarded and marked as sensitive. Once the testing is completed and final reports are delivered, any data gathered during the test will be destroyed (Wilhelm, 2013). Destruction receipts will be offered to CMS.

References
Halton, W., Weaver, B., Ansari, J. A., Kotipalli, S. R., & Imran, M. A. (2017). Penetration testing: A survival guide. Packt Publishing.
Wilhelm, T. (2013). Professional penetration testing: Creating and learning in a hacking lab. Newnes.

Order | Check Discount