rules-of-engagement-worksheet.rtf
{\rtf1\ansi\ansicpg1252\uc1 \deff0\deflang1033\deflangfe1033{\fonttbl{\f0\froman\fcharset0\fprq2{\*\panose 02020603050405020304}Times New Roman;}{\f28\froman\fcharset238\fprq2 Times New Roman CE;}{\f29\froman\fcharset204\fprq2 Times New Roman Cyr;}
{\f31\froman\fcharset161\fprq2 Times New Roman Greek;}{\f32\froman\fcharset162\fprq2 Times New Roman Tur;}{\f33\froman\fcharset177\fprq2 Times New Roman (Hebrew);}{\f34\froman\fcharset178\fprq2 Times New Roman (Arabic);}
{\f35\froman\fcharset186\fprq2 Times New Roman Baltic;}}{\colortbl;\red0\green0\blue0;\red0\green0\blue255;\red0\green255\blue255;\red0\green255\blue0;\red255\green0\blue255;\red255\green0\blue0;\red255\green255\blue0;\red255\green255\blue255;
\red0\green0\blue128;\red0\green128\blue128;\red0\green128\blue0;\red128\green0\blue128;\red128\green0\blue0;\red128\green128\blue0;\red128\green128\blue128;\red192\green192\blue192;}{\stylesheet{
\ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \snext0 Normal;}{\*\cs10 \additive Default Paragraph Font;}{\s15\ql \li0\ri0\widctlpar
\tqc\tx4320\tqr\tx8640\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 \sbasedon0 \snext15 header;}{\*\cs16 \additive \sbasedon10 page number;}}{\info{\author tom}{\operator tom}
{\creatim\yr2009\mo8\dy24\hr14\min23}{\revtim\yr2009\mo8\dy24\hr15\min17}{\version12}{\edmins53}{\nofpages3}{\nofwords490}{\nofchars2793}{\nofcharsws3430}{\vern8243}}
\widowctrl\ftnbj\aenddoc\noxlattoyen\expshrtn\noultrlspc\dntblnsbdb\nospaceforul\formshade\horzdoc\dgmargin\dghspace180\dgvspace180\dghorigin1800\dgvorigin1440\dghshow1\dgvshow1
\jexpand\viewkind1\viewscale114\viewzk2\pgbrdrhead\pgbrdrfoot\splytwnine\ftnlytwnine\htmautsp\nolnhtadjtbl\useltbaln\alntblind\lytcalctblwd\lyttblrtgr\lnbrkrule \fet0\sectd \linex0\endnhere\sectlinegrid360\sectdefaultcl {\header \pard\plain
\s15\ql \li0\ri0\widctlpar\tqc\tx4320\tqr\tx8640\pvpara\phmrg\posxr\posy0\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 \fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {\field{\*\fldinst {\cs16 PAGE }}{\fldrslt {
\cs16\lang1024\langfe1024\noproof 3}}}{\cs16
\par }\pard \s15\ql \li0\ri360\widctlpar\tqc\tx4320\tqr\tx8640\aspalpha\aspnum\faauto\adjustright\rin360\lin0\itap0 {
\par }}{\*\pnseclvl1\pnucrm\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl2\pnucltr\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl3\pndec\pnstart1\pnindent720\pnhang{\pntxta .}}{\*\pnseclvl4\pnlcltr\pnstart1\pnindent720\pnhang{\pntxta )}}
{\*\pnseclvl5\pndec\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl6\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl7\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl8
\pnlcltr\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}{\*\pnseclvl9\pnlcrm\pnstart1\pnindent720\pnhang{\pntxtb (}{\pntxta )}}\pard\plain \qc \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0
\fs24\lang1033\langfe1033\cgrid\langnp1033\langfenp1033 {Rules of Engagement Worksheet:
\par }\pard \ql \li0\ri0\widctlpar\aspalpha\aspnum\faauto\adjustright\rin0\lin0\itap0 {
\par Penetration Testing Team Contact Information:
\par
\par Primary Contact: ____________________________________________
\par
\par Mobile Phone: ____________________________________________
\par
\par Pager: \tab ____________________________________________
\par
\par Secondary Contact: _______________________________________________
\par
\par Mobile Phone: ________________________________________________
\par
\par Pager: ________________________________________________
\par
\par Target Organization Contact Information:
\par
\par Primary Contact: ____________________________________________
\par
\par Mobile Phone: ____________________________________________
\par
\par Pager: \tab ____________________________________________
\par
\par Secondary Contact: _______________________________________________
\par
\par Mobile Phone: ________________________________________________
\par
\par Pager: ________________________________________________
\par
\par
\par "Daily Debriefing" Frequency: _____________________________________________
\par
\par "Daily Debriefing" Time/Location: __________________________________________
\par
\par
\par Start Date of Penetration Test: ______________________________________________
\par
\par End Date of Penetration Test: ______________________________________________
\par
\par Testing Occurs at Following Times: __________________________________________
\par
\par Will test be announced to target personnel: ____________________________________
\par
\par Will target organization shun IP addresses of attack systems: _____________________
\par
\par Does the target organization's network have automatic shunning capabilities that might disrupt access in unforeseen ways (e.g., create a denial-of-service condition), and if so, what steps will be taken to mitigate the risk:
\par
\par ____________________________________________________________________
\par
\par ____________________________________________________________________
\par
\par
\par Would the shunning of attack systems conclude the test: _______________________
\par
\par If not, what steps will be taken to continue if systems get shunned and what approval (if any) will be required:
\par
\par _______________________________________________________________________
\par
\par _______________________________________________________________________
\par
\par _______________________________________________________________________
\par
\par IP addresses of penetration testing team's attack systems:
\par
\par _______________________________________________________________________
\par
\par _______________________________________________________________________
\par
\par _______________________________________________________________________
\par
\par Is this a "black box" test: __________________________________________________
\par
\par What is the policy regarding viewing data (including potentially sensitive/confidential data) on compromised hosts:
\par
\par _______________________________________________________________________
\par
\par _______________________________________________________________________
\par
\par _______________________________________________________________________
\par
\par
\par Will target personnel observe the testing team: _________________________________
\par
\par
\par \page
\par
\par ______________________________________________________________
\par Signature of Primary Contact representing Target Organization
\par
\par ____________________________
\par Date
\par
\par
\par
\par ______________________________________________________________
\par Signature of Head of Penetration Testing Team
\par
\par ____________________________
\par Date
\par
\par
\par If necessary, signatures of individual testers:
\par
\par ______________________________________________________________
\par Signature
\par
\par ____________________________
\par Date
\par
\par
\par ______________________________________________________________
\par Signature
\par
\par ____________________________
\par Date
\par
\par
\par ______________________________________________________________
\par Signature
\par
\par ____________________________
\par Date
\par
\par
\par ______________________________________________________________
\par Signature
\par
\par ____________________________
\par Date
\par }}