New Training: Understanding the Need for Scope Planning

In this 7-video skill, CBT Nuggets trainer Shawn Powers covers the importance of planning for a pentest engagement. Watch this new CompTIA training.
This training includes:
7 videos
35 minutes of training
You’ll learn these topics in this skill:
Introduction to the Importance of Planning
Identifying Target Audience
Specifying the Rules of Engagement
Defining Resources, Requirements, and Budgets
Explaining Timelines and Disclaimers
Defining Technical Constraints
Requesting Support Resources
How Can Pentesting Land You in Hot Water?
At its root, pen-testing is a process designed to break into business or government networks. Though pen-testing may not be a malicious act, penetration testers can still get into trouble with the law if they are not careful. Therefore, any pentester needs to define timelines and disclaimers with their clients before executing any attacks against an IT infrastructure.
Setting timelines with clients is important. This indicates to clients when tests will be performed so they are expecting abnormal behaviors in their network. IT security staff need to be made aware of potential attacks made by pen-testers so they don't attempt to thwart them, or worse, contact authorities.
Likewise, pen-testing always carries a risk of causing harm to IT environments. Pentesters need to make these disclaimers known so that they can cover their own liability and ensure that businesses have incident response plans in place if something does go wrong.
Penetration testers need to explain both timelines and disclaimers to stakeholders before performing any tasks. Security professionals need uninhibited access to a network to properly perform tests, with the understanding that these tests can sometimes cause harm. Both security researchers and stakeholders need to be prepared for these events.