CHECK
The methodology that you supply should be a detailed technical description
of how your company performs a typical Health Check (a network penetration
test). We will look at the steps that you perform during a Health
Check and the sort of activities that you undertake within each step.
Your methodology document should include technical descriptions that
explain why each step is necessary, what the activities undertaken
will achieve and how the activities themselves are performed (typically
a mention of a tool or technique). We are particularly interested
to see how the applicant company adds value over automated scanners,
which are often already in use by HMG departments internally.

We are also interested in the wider framework within which a penetration
test is performed, such as scoping, working with customer requirements
and how CHECK work will be resourced.

Finally, we need to know how you ensure that your CHECK team members
will all practise the same methodology and how they will be made
aware of updates to the company methodology and the latest vulnerabilities.

Note that high-level sales material is not considered a suitable
alternative to a detailed methodology document.