From the course: CompTIA PenTest (PT0-002) Cert Prep
Compliance-based assessments
- Earlier we briefly touched on different types of assessments. Let's revisit the compliance-based assessment type because it has a few different nuances. In most cases, you and the client will determine the rules of engagement and the statement of work, but with a compliance-based assessment, some of those rules are actually put in place for you. For example, the rules to complete an assessment may be based on the particular compliance direction that you're attempting to satisfy. For example, PCI DSS, which we've mentioned several times, has specific guidelines on how to complete an assessment. So your regulations, legislation perhaps, or even the standard (PCI DSS is a standard and not a law) may direct how you actually complete the assessment. Additionally, password policies, which are part of the corporate policy, may dictate how you approach things. For example, if you have a password policy that limits the valid passwords, that actually gives you some information. If you're…
Contents
- Planning a pen test (8m 21s)
- Rules of engagement (10m 28s)
- Regulatory compliance (4m 23s)
- Resources and budgets (7m 7s)
- Impact and constraints (5m 6s)
- Support resources (13m 14s)
- Legal groundwork (11m 43s)
- Service provider agreements (2m 12s)
- Standards and methodologies, part 1 (6m 48s)
- Standards and methodologies, part 2 (9m 17s)
- Environmental and scoping considerations (13m 38s)
- Ethical mindset (5m 36s)
- Lab environment setup (17m 32s)
- Project strategy and risk (9m 12s)
- Scope vulnerabilities (13m 19s)
- Compliance-based assessments (4m 8s)