Here are some guidelines you can follow when preparing for a pen test engagement.
- Ensure that your team is well trained in the tasks they will undertake.
- Establish a clear chain of command and a defined communications path, so everyone knows who makes decisions and whom to contact during the test.
- Train the team to consult their supervisor when confronted with an unexpected situation or decision.
- Pair less experienced testers with more experienced ones unless it puts the activity at risk.
- Ensure that the client's IT department (at least the managers) is aware of the test, and that they have good backups and contingency plans to restore affected systems.
- Train your team to stay within the scope of the engagement unless authorized to expand their investigation.
- Train your team so that, if they find evidence of previous or ongoing malicious activity, they log that evidence without tampering with it, carry on with their assigned tasks rather than investigating it themselves, and escalate the finding for further instruction.
- Ensure that the team fully documents each step they take (including timestamps and the systems touched), collects as much supporting data as possible, and uploads this information to a central repository for analysis.