adammontville / cis-controls-71-measures


Subcontrol 20.1 #170

Open adammontville opened 5 years ago

adammontville commented 5 years ago

Establish a program for penetration tests that includes a full scope of blended attacks, such as wireless, client-based, and web application attacks.

Measures

None provided

Metrics

None provided

apiperCIS commented 5 years ago

Inputs

1) Penetration Testing Program document

Operations

1) Determine whether the Penetration Testing Program document exists. If the document exists, set M1 equal to 1. If it does not exist, set M1 equal to 0 and skip the remaining operations.
2) Manually review the Penetration Testing Program document to determine if it addresses a full scope of blended attacks (including wireless, client-based, and web application). If the document adequately addresses a full scope of attacks, set M2 equal to 1. If it does not, set M2 equal to 0.

Measures

M1: binary value indicating if the Penetration Testing Program document exists; 1 if it exists, 0 if not
M2: binary value indicating if the Penetration Testing Program document adequately addresses a full scope of attacks; 1 if it does, 0 if it does not

Metrics

Penetration Testing Program document exists and adequately addresses a full scope of attacks: M1 and M2