Applying risk assessment to improve security is one of the critical security management functions. Among the activities related to this function is penetration testing. Penetration testing simulates an actual attack on the network and is conducted from outside the organization’s security perimeter.

Questions
[1] Define Penetration Testing and describe its objectives.
[2] What are the steps included in the penetration testing process?

Penetration testing is classified by the knowledge that the attacker and system personnel have prior to the attack.

[3] What are these classifications of penetration testing? Describe each classification. (Hint: There are five classifications of penetration testing.)
[4] Describe the following types of penetration testing. Give examples.

[a] Physical Penetration Testing

[b] Operations Penetration Testing

[c] Electronic Penetration Testing

[5] Before starting a penetration test (also called a pen test), it is important to define the Rules of Engagement (ROE), or the scope of work, of the test. The ROE defines the parameters and limits of the test; however, it usually does not include a complete list of all vulnerabilities.
(a) List the important actions to take before a penetration test that should be included in the rules of engagement.

Note: You are required to include all your citations.
