New Skills

New Training: Understanding the Need for Scope Planning

by Team Nuggets
New Training: Manage Storage in a Linux Environment picture: A
Published on February 25, 2021

In this 7-video skill, CBT Nuggets trainer Shawn Powers covers the importance of planning for a pentest engagement. Watch this new CompTIA training.

Learn CompTIA with one of these courses:

This training includes:

  • 7 videos

  • 35 minutes of training

You’ll learn these topics in this skill:

  • Introduction to the Importance of Planning

  • Identifying Target Audience

  • Specifying the Rules of Engagement

  • Defining Resources, Requirements, and Budgets

  • Explaining Timelines and Disclaimers

  • Defining Technical Constraints

  • Requesting Support Resources

How Can Pentesting Land You in Hot Water?

At its root, pen-testing is a process designed to break into business or government networks. Though pen-testing may not be a malicious act, penetration testers can still get into trouble with the law if they are not careful. Therefore, any pentester needs to define timelines and disclaimers with their clients before executing any attacks against an IT infrastructure.

Setting timelines with clients is important. This indicates to clients when tests will be performed so they are expecting abnormal behaviors in their network. IT security staff need to be made aware of potential attacks made by pen-testers so they don't attempt to thwart them, or worse, contact authorities.

Likewise, pen-testing always carries risks of causing harm to IT environments. Pentesters need to make these disclaimers known so that they can cover liability for themselves as well as ensuring that businesses have incident response plans in place if something does goes wrong.

Penetration testers need to explain both timelines and disclaimers to stakeholders before performing any tasks. Security professionals need un-inhibited access to a network to properly perform tests while understanding that sometimes these tests can cause harm. Both security researchers and stakeholders need to be prepared for these events.

Send me CBT Nuggets IT training news and resources. (Optional)

By submitting this form you agree that you have read, understood, and are able to consent to our privacy policy.

Don't miss out!Get great content
delivered to your inbox.

By submitting this form you agree that you have read, understood, and are able to consent to our privacy policy.

Recommended Articles

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

© 2023 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522