PENETRATION TESTING
LEVEL I - HIGH LEVEL ASSESSMENT
A top-down look at the organization's policies, procedures, standards and guidelines. A Level I assessment does not usually involve hands-on technical work. During this period a technical system's security is not actually tested, rather policies and procedures.
The following items are explored:
- New User Requests or Changes
- Physical Security Policies
- Alerting and Monitoring Policies
- Logging and Pattern Analysis Policies