Penetration Testing Team Rules of Engagement Worksheet

By | June 22, 2015

Rules of Engagement Worksheet:

 

Penetration Testing Team Contact Information:

 

Primary Contact:  ____________________________________________

 

Mobile Phone:      ____________________________________________

 

Pager:                   ____________________________________________

 

Secondary Contact:   _______________________________________________

 

Mobile Phone:          _______________________________________________

 

Pager:                       ________________________________________________

 

Target Organization Contact Information:

 

Primary Contact:  ____________________________________________

 

Mobile Phone:      ____________________________________________

 

Pager:                   ____________________________________________

 

Secondary Contact:   _______________________________________________

 

Mobile Phone:          ________________________________________________

 

Pager:                       ________________________________________________

 

 

“Daily Debriefing” Frequency: _____________________________________________

 

“Daily Debriefing” Time/Location: __________________________________________

 

 

Start Date of Penetration Test:  ______________________________________________

 

End Date of Penetration Test:  ______________________________________________

 

Testing Occurs at Following Times: __________________________________________

 

Will test be announced to target personnel:  ____________________________________

 

Will target organization shun IP addresses of attack systems:  _____________________

 

Does target organization’s network have automatic shunning capabilities that might disrupt access in unforeseen ways (i.e. create a denial-of-service condition), and if so, what steps will be taken to mitigate the risk:

 

____________________________________________________________________

 

____________________________________________________________________

 

 

Would the shunning of attack systems conclude the test: _______________________

 

If not, what steps will be taken to continue if systems get shunned and what approval (if any) will be required:

 

_______________________________________________________________________

 

_______________________________________________________________________

 

_______________________________________________________________________

 

IP addresses of penetration testing team’s attack systems:

 

_______________________________________________________________________

 

_______________________________________________________________________

 

_______________________________________________________________________

 

Is this a “black box” test:  __________________________________________________

 

What is the policy regarding viewing data (including potentially sensitive/confidential data) on compromised hosts:

 

_______________________________________________________________________

 

_______________________________________________________________________

 

_______________________________________________________________________

 

 

Will target personnel observe the testing team:  _________________________________

 

 

 

 

 

______________________________________________________________

Signature of Primary Contact representing Target Organization

 

____________________________

Date

 

 

 

______________________________________________________________

Signature of Head of Penetration Testing Team

 

____________________________

Date

 

 

If necessary, signatures of individual testers:

 

______________________________________________________________

Signature

 

____________________________

Date

 

 

______________________________________________________________

Signature

 

____________________________

Date

 

 

______________________________________________________________

Signature

 

____________________________

Date

 

 

______________________________________________________________

Signature

 

____________________________

Date

 

 

Download document in word format rules-of-engagement-worksheet

Share Button

2 thoughts on “Penetration Testing Team Rules of Engagement Worksheet

  1. Pingback: Margaret Cunniffe is an Australian Fraudster based in Melbourne Victoria who abuses those closest to her to achieve her selfish objectives.

  2. Pingback: Joseph de Saram#Rhodium

Leave a Reply

Your email address will not be published. Required fields are marked *