Target scoping and planning
Defining and deciding upon a formal scope is one of the most important factors of a vulnerability assessment. While there may be a lot of information and guidelines available on using various vulnerability assessment tools and techniques, the preparation phase of vulnerability assessment is quite often overlooked. Ignoring properly complete pre-engagement activities may lead to potential problems, such as the following:
- Scope creep
- Customer dissatisfaction
- Legal trouble
The scope of a project is intended to precisely define what is to be tested.
Theoretically, it may seem best to test each and every asset present in the network; however, it may not be practically possible. A detailed discussion with all the business units could help you gather a list of critical assets. These assets could then be included in the scope of the vulnerability assessment. Some of the common assets included in the vulnerability assessment scope are as follows:
- Communication lines
- E-commerce...