Please enable JavaScript.
Coggle requires JavaScript to display documents.
Importance of Planning and Scoping an Engagement (Threat actors…
Importance of Planning and Scoping an Engagement
Strategy
Black box vs. white box vs. gray box
Scheduling
Tolerance to impact
Types of assessment
Compliance-based
Red team
Goals-based/objectives-based
Special scoping considerations
Premerger
Supply chain
Target selection
Targets
Physical
Users
First-party vs. third-party hosted
SSIDs
External
Applications
Internal
On-site vs. off-site
Considerations
White-listed vs. black-listed
Security exceptions
NAC
Certificate pinning
Company’s policies
IPS/WAF whitelist
Risk acceptance
Threat actors
Capabilities
Intent
Adversary tier
Script kiddies
Hacktivist
APT
Insider threat
Threat models
Scope creep