base on Guide to Network Deefense And countermaeasures Case project 1-2 Page num

Question

base on Guide to Network Deefense And countermaeasures Case project 1-2 Page number 30

You are a new security tester for Security Consulting Company (SCC). Before you begin your first assignment, Shelley Canon, the vice president of SCC, wants you to read the rules of engagement section of the Open Source Security Testing Methodology Manual (OSSTMM) to make sure you do not violate any company policies. 1. Create a posting that summarizes, without copying them, one or two of the OSSTMM’s rules of engagement section. 2. Consider the purpose of the rules of engagement and select one of the questions to follow and provide opinion that is supported by reading and research: -

-When is it permissible to release the names of past clients?

Explanation / Answer

Two of the Open Source Security Testing Methodology Manual ’s rules of engagement section-

1-. As per the manual ,there should be a clearly defined scope as per the defined contract before going through vulnerable services.

2-There should be a defined test plan and it includes both calendar time and time of man hours. It also includes hours of testing.

As I go through the Open Source Security Testing Methodology Manual ’s rules,it is forbidden to use the name of past clients even if client doesn’t have any issue still you will not disclose client name as it was not only linked with client confidentiality but it also affect security testing organization

Related Questions

Navigate

• Browse (All)
• Browse B
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.