4.3 Reporting and Communication Flashcards
Explain the importance of communication during the penetration testing process.
What are the main types of client contact that you will interact with during a typical PenTesting event?
-The Primary contact is the party responsible for handling the project on the client’s end.
-The Technical contact is the party responsible for handling the technical elements of the activity.
-The Emergency contact is the party that can be contacted in case of particularly urgent matters.
What are some reasons to initiate official communication during a PenTest?
-Status Reports: Regular progress briefings with the client.
-Critical findings: Identified issues that imply a very high risk to the client’s organization.
-Indicators of Prior Compromise: Artifacts which can provide evidence of a prior cybersecurity event and could be from malicious sources.
-Goal Reprioritization: This is the catalyst for possible adjustments to the engagement.
