Browse
Search
2024-308-E-IT Dept-Trustedsec-Penetration testing and cybersecurity consulting
OrangeCountyNC
>
Board of County Commissioners
>
Contracts and Agreements
>
General Contracts and Agreements
>
2020's
>
2024
>
2024-308-E-IT Dept-Trustedsec-Penetration testing and cybersecurity consulting
Metadata
Thumbnails
Annotations
Entry Properties
Last modified
6/5/2024 8:42:32 AM
Creation date
6/5/2024 8:42:19 AM
Metadata
Fields
Template:
Contract
Date
5/30/2024
Contract Starting Date
5/30/2024
Contract Ending Date
5/31/2024
Contract Document Type
Contract
Amount
$21,500.00
There are no annotations on this page.
Document management portal powered by Laserfiche WebLink 9 © 1998-2015
Laserfiche.
All rights reserved.
/
41
PDF
Print
Pages to print
Enter page numbers and/or page ranges separated by commas. For example, 1,3,5-12.
After downloading, print the document using a PDF reader (e.g. Adobe Reader).
View images
View plain text
Orange County North Carolina <br />TrustedSec Confidential <br /> <br /> 7 <br /> <br /> Technical Assessments <br />1.3.1 Penetration Testing Execution Standard (PTES) Phases <br />TrustedSec uses the Penetration Testing Execution Standard (PTES), a standard that has <br />gained wide adoption within the security community, as a methodical way to approach <br />Penetration Testing. PTES defines a penetration test as the ability to attack an organization <br />as an adversary, with a goal of affecting a company’s potential to generate revenue. <br />Additionally, TrustedSec also utilizes the NIST SP800-115, Technical Guide to Information <br />Security Testing and Assessment, as a framework for security testing. <br />Pre-Engagement Interaction <br />The pre-engagement interaction phase will focus heavily on understanding Orange County <br />North Carolina's purpose for the penetration test and expected outcomes during the <br />assessment. This is a foundational meeting for establishing the criteria, expectations, and <br />delivery times for the assessment. As part of this assessment, formal points of contact and <br />escalation points will be determined. <br />Intelligence Gathering <br />During this phase, TrustedSec will perform reconnaissance of Orange County North <br />Carolina and identify any Open Source Intelligence (OSINT) that may be applicable for <br />attacking the organization. This information will help in identifying the most impactful point <br />of entry into the organization or infrastructure. Intelligence Gathering relies heavily upon <br />understanding the organization and how it performs business on a broad scale. As an <br />attacker, using this information is highly beneficial for profiling how the attack will occur. <br />Threat Modeling <br />Using the information obtained from the Intelligence Gathering phase, TrustedSec will <br />begin to profile Orange County North Carolina and identify the best route of entry. Threat <br />Modeling uses a solid understanding of a client’s environment to profile the best way into <br />the organization. Simple probing will be used during this phase to identify protection <br />mechanisms, versions, and other non-obtrusive aspects to understand how the <br />infrastructure is designed. <br />Vulnerability Analysis <br />The vulnerability analysis phase focuses heavily on taking the information from the Threat <br />Modeling phase and determining the best route into the organization. During a penetration <br />test, TrustedSec acts as the attacker and finding the easiest route into the organization is <br />the top priority. Understanding how the business functions and what systems are in place <br />in those areas is highly important to the assessment. During this phase, the best attack <br />vectors are selected. <br />DocuSign Envelope ID: AFDC1276-5BF5-4129-B1DC-BCD00B65C8BC
The URL can be used to link to this page
Your browser does not support the video tag.