Scoping Questionnaire for Penetration Testing

Cyber criminals are on the rise, and no one is safe, however secure you feel your network is. The bad guys have the time and resources to keep prowling the Internet for their next prey. If you use computers, laptops, mobile devices, and the Internet, you could already be losing something without your knowledge.

You need to undertake a penetration test of your network to assess the threat of losing your intellectual property, highly confidential client data and details, and business secrets.

You need to protect your computer resources. Whether it is a regulatory requirement, an internal security assurance, or the need to follow best practices and gain the respect of your strategic partners and stakeholders, a pen test is for you if your business uses computers and the Internet. Summit Consulting adheres to the OSSTMM and EC-Council penetration testing methodology and code of ethics regarding this level and classification of test.

Penetration tests come in a number of varieties, from testing one application based on known vulnerabilities to far-reaching tests where no vulnerability information is provided and every system and network is in scope. Additionally, a penetration test can go as far as gaining control of the system by any means (aggressive), or it can simply illustrate that it "could" be done by "taking these next steps", without actually taking the steps. The following questions are intended to determine and refine the scope and extent of a desired penetration test. This template should be reviewed by our client and answered as thoroughly as possible. In the event that the client is not able to answer these questions, it is recommended that a Summit Consulting security practitioner review each question with the client to ensure adequate information is obtained.

Ugandan law requires that Summit Consulting obtain written permission from an authorized representative of the client to perform a penetration/security assessment. The client must provide a written consent letter on company headed paper, stamped with the company seal/stamp, authorizing the penetration test to take place.

Please complete the attached questionnaire to enable us to understand your requirements better and more clearly. With us, you have the right experts. Please note:

  1. Pen test: tests to identify any existing vulnerabilities in your system, attempts to exploit them, and gives you evidence of exploitation, if any. It then makes practical recommendations for fixing them. You also have the option to expand the scope to include ITIL/COBIT/ISO 27001/PCI DSS benchmark reviews for a complete security risk assessment.
  2. IT governance review / security assessment: reviews to identify any weaknesses or exposures in your IT systems and governance against known best practices, whether these can be exploited or not.

We advise you to go with the first option in two phases: first a pen test, then an IT governance and security review. The choice is yours.

Scoping-Questionnaire-for-Penetration-Testing.pdf