The rules of engagement, or ROE, dictate the “how” involved in accomplishing the assessment of what was defined in the scope after the shaping phase is complete. The legitimacy and legality of all actions the red team takes while conducting the assessment are ratified by the ROE. A well-established and agreed-to ROE document must be acknowledged and signed by both the customer and the providing party. If not, the offensive security engagement by ethical hackers is considered in violation of the Computer Fraud and Abuse Act (CFAA), which constitutes a federal crime in the United States; in other countries, similarly prosecutable laws exist. That being said, this chapter is neither a complete representation of all facets of an ROE that a particular test should include, nor is it meant to define comprehensively the legal requirements of such a document. Drafting an ROE should involve legal advice as an imperative, and any customer organization agreeing to an ROE should also involve legal consultation prior to signing it.
- Rules of Engagement
Jacob G. Oakley
- Chapter 5