New Training: Properly Scoping an Engagement
In this 8-video skill, CBT Nuggets trainer Shawn Powers teaches you how to scope your penetration test for the audience or client involved, including considerations for the type of assessment, purpose for testing, and the desired outcome. Watch this new CompTIA training.
Learn CompTIA with one of these courses:
This training includes:
- 8 videos
- 33 minutes of training
You’ll learn these topics in this skill:
- Introduction to Properly Scoping an Engagement
- Identifying Types of Assessments
- Understanding Mergers and Partners
- Selecting Targets
- Targeting Considerations
- Understanding Risk and Tolerance
- Identifying Scope Creep and Schedule Impact
- Identifying Threat Actors
What is a Threat Actor?
The goal of a penetration tester is to identify possible security vulnerabilities in an IT system. This includes avenues of attack. One of the ways security analysts will figure out which avenues of attack are viable is by identifying possible threat actors.
Threat actors are those that could potentially wish to harm or penetrate an IT system. These could be hacking groups or government entities. Not all threat actors are equal, and likewise, not all businesses need to be worried about the same threat actors.
For example, a consumer website may need to be more worried about data breaches or crypto-malware attacks while a power plant may need to be more worried about government agencies breaching their systems.