Rules of Engagement
- The Rules of Engagement are the pre-agreed rules for a penetration testing exercise.
- They help ensure that the engagement is carried out safely.
- The ROE has three main sections:
  - Permission
    - Explicit permission from people with authority to carry out the engagement.
    - Includes multiple kinds of contact information to help resolve any "sticky" situations.
  - Test Scope
    - Defines the target of the engagement.
      - For example, specific servers, offices, applications, networks, etc.
  - Rules
    - What the attackers are allowed to do or forbidden from doing.
Metadata
Sources
SANS Institute Rules of Engagement Worksheet