Professional Documents
Culture Documents
EC Council
EC-Council Module XIII
Rules of Engagement
g g
Module Objective
This module
Thi d l will
ill iintroduce
t d you tto th
the
following:
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Module Flow
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Rules of Engagement (ROE)
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Scope of ROE
ROE includes:
i l d
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Scope of ROE (cont’d)
ROE includes:
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Steps for Framing ROE
Conduct brainstorming
g sessions with the top
p management
g and
technical teams
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Clauses in ROE
Li off allowed
List ll d and
d prohibited
hibi d activities:
i ii
g
• Organization mayy allow some activities like p port
scanning for offline cracking and prohibit others like
password cracking, SQL injection and DoS attacks
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Clauses in ROE (cont’d)
D t il about
Details b t th
the llevell and
d reach
h off pen-test
t t
Details
eta s o
on how
ow o
organizational
ga at o a data iss ttreated
eated
throughout and after the test
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Summary
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited