Scribd Logo
Încărcați

Bine ați venit la Scribd!

  • Kaspersky PT Questionary

    Încărcat de

    Servicios Tasnet Colombia
    28 vizualizări5 pagini

    Titlu original

    Kaspersky-PT-Questionary

    Drepturi de autor

    © © All Rights Reserved

    Formate disponibile

    DOCX, PDF, TXT sau citiți online pe Scribd

    Vi se pare util acest document?

    Este necorespunzător acest conținut?

    Raportați acest document

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca DOCX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    28 vizualizări5 pagini

    Kaspersky PT Questionary

    Încărcat de

    Servicios Tasnet Colombia

    Drepturi de autor:

    © All Rights Reserved
    Descărcați ca DOCX, PDF, TXT sau citiți online pe Scribd
    Indicator pentru conținut neadecvat
    din 5

    Penetration Testing Service

    QUESTION FORM
    1 About Penetration Testing
    Penetration testing is a practical demonstration of possible attack scenarios allowing a
    malicious actor to bypass security controls in your corporate network and obtain high
    privileges in important systems. The service allows you to obtain information on vulnerabilities
    in your corporate resources that are available to different types of attackers and the possible
    consequences of those vulnerabilities being exploited. The service also allows you to evaluate
    the effectiveness of implemented security measures and to plan further actions to fix any
    detected flaws and improve security. Penetration testing has much in common with a real
    hacker attack and makes it possible to assess the effectiveness of protection measures on
    practice. However, unlike a hacker attack, the service is performed by experienced security
    experts from Kaspersky Lab who take particular care of system confidentiality, integrity and
    availability in strict adherence with international laws and best practices.
    If you are interested in the penetration testing service, please fill out the question form below.
    Please note that penetration testing results will be of greater value if our experts operate in
    the same conditions as a potential intruder. If you would like to significantly narrow the scope,
    for instance to perform a detailed analysis of a single application, we recommend that you
    refer to Kaspersky Lab’s other services, e.g. Application Security Assessment, Technological
    Audit, etc.

    2 Question Form

    # Question Answer

    1 General information
    1.1 Company name
    1.2 Official website
    1.3 Contact details
    1.4 Reasons for applying
    1.5 Has your corporate network (or
    specific systems) undergone an
    audit or penetration testing before?
    When (if applicable)?
    1.6 Main goals of the assessment
    (preparation for certification,
    creation of an information security
    management system, etc.)
    1.7 Expected project start date and
    duration

    Penetration Testing Service Question Form | page 2 of 5


    # Question Answer

    2 Scope and approach


    2.1 The number of branches/offices in
    different locations and their
    addresses (if they are in the scope)
    2.2 Approximate number of employees/
    workstations in the scope
    2.3 Approximate number of servers
    and network equipment
    2.4 Approximate number of Class C
    networks/hosts available from the
    Internet
    2.5 Approximate number of web
    applications available from the
    Internet
    2.6 What major compliance
    requirements are applicable to the
    systems within the scope?
    2.7 Should the penetration testing
    cover the whole system or specific
    parts? Please describe the scope
    2.8 Is on-site work required? (If yes,
    please list addresses)
    2.9 Are there any legal restrictions on
    accessing data processed in the
    systems included in the scope?
    2.10 Security assessment methods to be External penetration testing (black-box,
    used (choose applicable methods, from the Internet without privileges), the
    specify additional information about goal is to bypass the security perimeter and
    expectations if necessary, e.g. access internal networks
    specific threat actors to be External penetration testing with attack
    considered) development (black-box or grey-box, from
    the Internet without privileges), the goal is to
    bypass the security perimeter and attempt
    to gain high privileges in critical internal
    systems
    Internal penetration testing (black-box or
    grey-box, as an internal intruder with
    physical access to the territory or remotely
    connected to the LAN), the goal is to

    Penetration Testing Service Question Form | page 3 of 5


    # Question Answer
    escalate current privileges and gain high
    privileges in critical systems
    2.11 Use of social engineering As part of penetration testing - in this
    techniques (choose applicable case social engineering will be used to gain
    method, specify additional access to confidential data and/or internal
    information about expectations if networks
    necessary) As a method of assessing staff security
    awareness - in this case statistical data
    about employee reactions to different attack
    simulations will be obtained (no attack
    development)
    Social engineering techniques are out of
    the scope
    2.12 Assessment of wireless networks As part of internal penetration testing - in
    this case attempts to gain access to internal
    corporate networks through available
    wireless networks will be implemented
    Separately - in this case wireless security is
    assessed in general, attempts to gain
    access to internal corporate networks are
    also implemented, but no attack
    development is performed for this vector
    Wireless networks are not in the scope
    2.13 Main target systems of penetration
    testing
    3 Additional information
    3.1 Who will be informed about the Limited group of people
    penetration testing? Business units
    Information security and information
    technology officers
    All employees
    3.2 Are there any legal restrictions on
    accessing data processed in the
    information system?
    3.3 Are there any time limitations for
    conducting the security assessment
    (working days/hours)?
    3.4 Requirements for duration of report
    storage

    Penetration Testing Service Question Form | page 4 of 5


    # Question Answer

    3.5 Extra conditions and/or requests

    Penetration Testing Service Question Form | page 5 of 5

    S-ar putea să vă placă și