Scoping Questionnaire for Penetration Testing

Cyber criminals are on the rise. And no one is safe, however secure you feel your network is. The bad guys have the time and resources to keep prowling the internet for the next prey. If you use computers, laptops, mobile devices, and the Internet, you could already be losing something without your knowledge.

You need to undertake a penetration test of your network to assess the threat of losing your intellectual property, highly confidential client data and details, and business secrets.

You need to protect your computer resources. Whether it is a regulatory requirement, an internal security assurance, or the need to follow best practices and gain the respect of your strategic partners and stakeholders, a pen test is for you if your business uses computers and the Internet. Summit Consulting adheres to the OSSTMM & EC-Council penetration testing methodology and code of ethics regarding this level and classification of test.

Penetration tests come in a number of varieties, ranging from testing one application based on known vulnerabilities to far-reaching tests where no vulnerability information is provided and every system and network is in scope. Additionally, a penetration test can go as far as gaining control of the system by any means (aggressive), or it can simply illustrate that it “could” be done by “taking these next steps”, without actually taking the steps. The following questions are intended to determine and refine the scope and extent of a desired penetration test. This template should be reviewed by our client and answered as thoroughly as possible. In the event that the client is not able to answer these questions, it is recommended that a Summit Consulting security practitioner review each question with the client to ensure adequate information is obtained.

Uganda laws require that Summit Consulting obtain written permission from an authorized representative of the client to perform a penetration/security assessment. The client must provide a written consent letter on company headed paper, stamped with the company seal/stamp, authorizing the penetration test to take place.

Please complete the attached questionnaire to enable us to understand your requirements better and more clearly. With us, you have the right experts. Please note:

  1. Pen test: tests to identify any existing vulnerabilities in your system, attempts to exploit them, and gives you evidence of exploit, if any. It then makes practical recommendations to fix them. You also have the option to expand the scope to include ITIL/CoBIT/ISO27001/PCI DSS benchmark reviews for a complete security risk assessment.
  2. IT governance review / security assessment: reviews to identify any weaknesses or exposures in your IT systems and governance against known best practices, whether these can be exploited or not.

We advise you to go with the first option in two phases: first a pen test, then an IT governance and security review. The choice is yours.

Scoping-Questionnaire-for-Penetration-Testing.pdf (4178 downloads)