CEH Ladder - How to be Ethical

Ethical hacking is normally conducted in a structured and organized manner, typically as part of a penetration test or security audit.

The depth and breadth of the systems and applications to be tested are usually determined by the needs and concerns of the client.

Many ethical hackers are members of a tiger team. A tiger team works together to perform a full-scale test covering all aspects of network, physical, and systems intrusion.

Points to Remember

  • Gain authorization from the client with a signed contract giving the tester permission to perform the test.

  • Maintain and follow a nondisclosure agreement (NDA) with the client covering any confidential information disclosed during the test.

  • Maintain confidentiality when performing the test. Information gathered may contain sensitive information. No information about the test or company confidential data should ever be disclosed to a third party.

  • Perform the test up to, but not beyond, the agreed-upon limits.

Example: DoS attacks should only be run as part of the test if they have previously been agreed upon with the client. Loss of revenue, goodwill, and worse could befall an organization whose servers or applications are unavailable to customers as a result of the testing.

Framework for performing a security audit of an organization:

1. Talk to the client, and discuss the needs to be addressed during the testing.

2. Prepare and sign NDA documents with the client.

3. Organize an ethical hacking team, and prepare a schedule for testing.

4. Conduct the test.

5. Analyze the results of the testing, and prepare a report.

6. Present the report findings to the client.

CEH Ladder - Performing a Penetration Test

Keeping It Legal:

  • An ethical hacker should know the penalties for unauthorized hacking into a system.

  • No ethical hacking activities associated with a network-penetration test or security audit should begin until a signed legal document giving the ethical hacker express permission to perform the hacking activities is received from the target organization.

  • Ethical hackers need to be judicious with their hacking skills and recognize the consequences of misusing those skills.